Cybercriminals spend their time concocting new nefarious ways to make money. As the IRS recently warned in an urgent alert, they are now combining two potent threats. One is CEO fraud, an e-mail scam in which the attacker spoofs a boss and convinces an employee to wire funds which end up with the cybercriminal. The other is W-2 phishing, where the bad guys pretend to be the boss requesting a copy of all employees' W-2 forms. They then file fraudulent tax refund requests on behalf of the taxpayers – or they sell the info on the Dark Web ($4 - $20 per record) so someone else can do the same thing.
As tax season is upon us, all organizations need to be wary of both schemes – and the combo version of them in which they execute both schemes as part of the phishing attack. I mean, heck, if you're going to impersonate a boss anyway, you might as well make money with wire transfers as well as employee tax data, right?
In June of 2016, the FBI estimated that crooks had stolen nearly $3.1 billion from more than 22,000 victims of these wire fraud schemes. The W-2 phishing scams first appeared in February of 2016 and became a huge phenomenon.
The IRS says organizations receiving a W-2 scam email should forward it to firstname.lastname@example.org and place "W2 Scam" in the subject line. Organizations that receive the scams or fall victim to them should file a complaint with the Internet Crime Complaint Center (IC3,) operated by the FBI.
Employees whose W-2 form have been stolen should review the recommended actions by the Federal Trade Commission at www.identitytheft.gov or the IRS at www.irs.gov/identitytheft. Employees should file a Form 14039 (PDF) Identity Theft Affidavit, if the employee's own tax return is rejected because of a duplicate Social Security number or if instructed to do so by the IRS.
Be sure to read the alert for additional steps both employers and employees can take to guard themselves against being fleeced by cybercriminals in this new hybrid scam.
E-mail: email@example.com Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology