Posts

IRS, FBI WARN OF W-2 PHISHING SCAM

We recently recieved this article from CalChamber and wanted to pass along this information as quickly as we could.  Please take necessary steps to avoid problems with these scams.

 March 5, 2018 Gail Cecchettini Whaley, CalChamber Senior Employment Law Counsel

HRWatchdog, HRCalifornia’s Employment Law Blog, © California Chamber of Commerce. (Must have link back to HRWatchdog) http://hrwatchdog.calchamber.com/

The Internal Revenue Service (IRS) and the Federal Bureau of Investigation (FBI) recently warned payroll and human resources professionals of a dangerous Form W-2 phishing scam that victimized hundreds of organizations and thousands of employees during the last two tax seasons—and this season is no different.

The scam goes like this: Cyber-criminals identify your company’s chief operating officer or other high-level executives, pose as the executive and send emails to payroll personnel. In these emails, the fraudsters request copies of employee Forms W-2 or ask for a list of all employees and Social Security numbers (SSNs). Using a technique called business email compromise or business email spoofing, these emails look like they were sent from within your organization.

No Typical Email

According to the IRS, the initial email may be a friendly, “Hi, are you working today?” type of exchange before the fraudster asks for all Form W-2 information. But that isn’t always the case.

Last year, one actual email simply asked payroll, “[S]end me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary) as of 2/22/2016.”

Criminals then use the stolen personal information and data on the W-2s, such as SSNs, to file fraudulent tax returns for refunds. Or they sell the information on the “Dark Net.”

Last year’s scams affected all types of employers—small and large businesses, public schools and universities, hospitals, tribal governments and charities. In 2017, reports about this scam to phishing@irs.gov from victims and nonvictims jumped to approximately 900, up from 100 the previous year. More than 200 employers were victimized in 2017, which translated into hundreds of thousands of employees who had their identities compromised.

Action Items

Employers need to educate payroll, HR and finance personnel of the W-2 scam. The IRS also urges employers to:

◾Consider limiting the number of employees who have authority to handle Form W-2 requests; and

◾Require additional verification procedures to validate the actual request before emailing sensitive data such as employee Form W-2s.

Employers also should immediately notify the IRS if they are victimized. The IRS can then take steps to help prevent employees from being victims of tax-related identity theft. Unfortunately, because of the nature of these scams, some businesses and organizations don’t realize for days, weeks or months that they were scammed.

The IRS has a special email notification address specifically for employers to report Form W-2 data thefts. Here’s how Form W-2 scam victims can notify the IRS:

◾Email dataloss@irs.gov to notify of the data loss and provide contact information, as listed below.

◾In the subject line, type “W2 Data Loss” so that the email can be routed properly. Do not attach any employee personally identifiable information data.

◾Include the following:

◾Business name;

◾Business employer identification number associated with the data loss;

◾Contact name;

◾Contact phone number;

◾Summary of how the data loss occurred;

◾Volume of employees impacted.

Businesses and organizations that fall victim to the scam and/or organizations that only receive a suspect email but do not fall victim to the scam should send the full email headers to phishing@irs.gov and use “W2 Scam” in the subject line.

Employers can learn more at the IRS webpage on Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers.

A February 21 press release from the FBI Internet Crime Complaint Center, ic3.gov, provides additional information about how to report the situation to state tax agencies and other law enforcement officials.

 

Staff Contact: Gail Cecchettini Whaley (CalChamber)

NEW I-9 AND W-2 SCAMS

Beware:

Scammers are getting more sophisticated and posing as Federal officials to steal confidential information.

I-9 Scam

Employers are receiving emails from a sender claiming to be US Citizenship and Immigration Services and requesting information from the I-9 form.  Normally, employers do not share or send this information in to the USCIS.  However, the emails look very authentic even using correct emails with .gov and labels from both the USCIS and the Office of Inspector General.  It will have your company address and other information.

DO NOT CLICK ON ANY OF THE LINKS!!  The USCIS has stated that their agency is not sending out any inquiries for information in this manner.  Instead, forward these emails to the Federal Trade Commission at uscis.webmaster@uscis.dhs.com

W-2 Fraud

Be on the look-out for any emails from executives asking for a list of employees and their w-2 documentation.  Do not click on anything.  These are most likely scams.  Confirm any request directly by phone if possible before ever sending information about employees over the internet.

As with all things concerning the internet, limit access to classified and confidential files and verify before replying or clicking on anything.

 

 

ObamaCare Scams Beginning

Here is a warning from the Better Business Bureau of Central California. You may want to let your employees know about this as well.

Better Business Bureau®
Start With Trust®
Serving Central California®

Obama Care Scams

Fresno, Ca- In less than a week, October 1st, the health insurance exchanges will open to consumers. Your BBB serving Central California would like to warn consumers of potential scams that might be going around or that eventually will be around over the Affordable Care Act. Unfortunately this brings in confusion for many consumers which helps scammers take advantage and want to scam you.
Typically when any new government program comes out it brings out a lot of confusion. Scammers will try to play on the fear and confusion consumers will have especially those who have absolutely no idea of what to do when the Affordable Care Act begins.

The most recent scam your BBB has been aware of is the “Affordable Care Card” The way the scam works is, a scammer calls a consumer and claims to be from the federal government. The caller will tell the potential victim that he or she needs an Obama Care insurance card. Then the con artist will tell the consumer that he or she must provide personal information such as a bank account or social security number in order to get the card.
Blair Looney, President & CEO of your Better Business serving Central California says, ” consumers should always be cautious when anyone calls you asking for personal information of any kind.” If you receive a call from someone claiming to be with the government, you should hang up the phone. Remember the government will never call you.
Follow these tips:
• Hang up the phone. If you get one of these calls, just hang up. You may be tempted to call back, but this will only give the scammer another oppurtunity to steal your information. Also, be sure not to press any buttons the scammer instructs.

• Never give out personal information. Never give out your bank account numbers, date of birth, credit cards or Social Security number.

• Don’t rely on called ID. Some scammers are able to display a company’s name or phone number on the caller ID screen. Don’t trust that the information you see is true.

When in doubt contact
your BBB at

800-675-8118

Visit cencal.bbb.org

STAY CONNECTED