IRS Highlights Small Business W-2 Scam
On Day 4 of the Security Summit-sponsored National Tax Security Awareness Week, the Internal Revenue Service is focusing on business identity theft scams.
While identity theft is often associated with criminals stealing someone’s personally identifiable information (PII), the IRS says these scams can also be used to target businesses: “just like individuals, businesses may have their identities stolen and their sensitive information used to open credit card accounts or used to file fraudulent tax [returns] for bogus refunds.”
To make it harder for criminals to successfully file these returns, the IRS established the “trusted customer” questions, which are similar to the multi-factor authentication used by online banking services. Basically, anyone responsible for filing the return gives extra authenticating information to the IRS, like additional PII, estimated payment history, and past filing history.
Identity thieves have also begun targeting employees with a spear phishing scam that requests all of the business’ W-2 information. To trick victims into divulging that PII gold mine, the identity thieves pose as a high-level employee to make the request seem routine. To help businesses efficiently report when they are the victim of the W-2 email scam, the IRS listed the following steps:
- “Email email@example.com to notify the IRS of a W-2 data loss and provide contact information. In the subject line, type “W2 Data Loss” so that the email can be routed properly. Do not attach any employee personally identifiable information data.
- Email the Federation of Tax Administrators at StateAlert@taxadmin.org to get information on how to report victim information to the states.
- Businesses/payroll service providers should file a complaint with the FBI’s Internet Crime Complaint Center (IC3.gov). Businesses/payroll service providers may be asked to file a report with their local law enforcement agency.
- Notify employees so they may take steps to protect themselves from identity theft. The Federal Trade Commission’s www.identitytheft.gov provides guidance on general steps employees should take.
- Forward the scam email to firstname.lastname@example.org.”
The IRS also recommends that businesses develop a security plan for handling requests for and dissemination of employee PII and make sure staff members responsible for handling this information are made aware of these scams.
Remember, Taxing Subjects will cover the final National Tax Security Awareness Week topic tomorrow. For frequent data security updates, be sure to follow @IRStaxsecurity on Twitter.
Source: IRS Newswire