If common criminals in our midst would work half as hard at a real job as they do in their myriad attempts to steal from the rest of us we’d have a whole new crop of taxpayers helping to foot the bill. Instead, the never-ending drive to take your money continues unabated in the New Year.
Now comes the Michigan Department of Treasury with warnings for business taxpayers to be extra alert for cybercriminals attempting to steal W-2 forms and other sensitive information through a phishing scam.
In a typical scenario, cybercriminals impersonate persons of authority within a company and send an email to payroll personnel asking for copies of all employee W-2 forms. The scammers do their homework about an entity’s organizational chart and all communications appear legitimate.
A W-2 form contains an employee’s name, address, Social Security number, income and withholdings. Cybercriminals use that information to file state income tax returns and steal refunds, or they post it for sale on the “Dark Web.”
Glenn White oversees the Michigan Department of Treasury’s Tax Administration programs. He says, “Business taxpayers need to be aware of this reoccurring scam,” and suggests that businesses, “Please educate your employees about internal security processes for appropriately distributing sensitive information. As the income tax season approaches, cybercriminals will be out in full force to take advantage of taxpayers.”
The Internal Revenue Service reports the scam has affected all types of employers, from small and large businesses to public schools and universities, hospitals, tribal governments and charities. A common theme in this scam and other email scams is that the copy includes grammatical and spelling mistakes.
Business taxpayers who receive this type of email are asked to report the encounter to phishing@irs.gov. To learn more about identity theft, you can click the link below: