CAUTION: Cybercriminals are Targeting Payroll & Human Resources Departments
By Shane Cahill and Douglas Melton
Tax season is upon us and thieves seeking to make a quick buck have developed a scam that has proven effective. The deception is relatively simple. The cybercriminal uses a corporate officer’s name and e-mail address to request employee Forms W-2, Social Security Numbers, and/or income information from company payroll or human resources departments. Armed with this information, the scammer then files fraudulent tax returns to receive the employees’ tax refunds.
The following are some of the details that may be contained in such fraudulent emails:
Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
I want you to send me the list of W-2 copy of employees wage and tax statement for 2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.
While the IRS has reportedly made progress fighting against tax-related identity theft, cybercriminals are using more sophisticated tactics to try to steal even more data that will allow them to impersonate taxpayers.2 As such, Payroll and Human Resources managers are encouraged to confirm that accuracy of requests for employee tax and personnel information before responding. Inadvertent or improper circulation of such sensitive information not only costs employees, but may result in liability for your business.
If you have any questions about the best practices for and responsibility of your company to secure private and confidential employee information, please contact an attorney in our employment group.