The Federal Bureau of Investigation (FBI) has issued a new alert for businesses due to a major rise in phishing attacks attacking payroll worker. The target of the phishing attacks is to download copies of the W-2 forms of workers. Information on the forms is used to carry out identity theft and tax fraud.
2017 saw record numbers of phishing campaigns targeting businesses, educational institutions, and healthcare groups. In some instances, the W-2 form data of thousands of employees was emailed to scammers by payroll workers. The IRS reports that there were a minimum of 200 businesses targeted and in excess of 900 complaints registered in relation to tax-related scams.
The Internal Revenue Service (IRS) Online Fraud Detection & Prevention division has been on the look out for phishing scams claiming to be the IRS and has recorded a sharp rise in email scams. While some email scams have particular targeted consumers, businesses are most in danger.
Consumer-focused scams normally involve IRS-themed emails, whereas attacks on businesses usually see company executives and the CEO impersonated. The emails ask for copies of W-2 forms for workers who have worked in the past fiscal year.
The scammers normally research companies to identify the style of emails used, the identity of the CEO and executives, and payroll and accounts department workers to target. Some scams incorporate spoofed email addresses, others have seen the emails accounts of executives accessed, adding legitimacy to the email requests.
In many instances, once the attackers have downloaded W-2 Form data a further request is issued requesting a wire transfer. Several groups have fallen for these scams, which may not be detected for some time.
The email scams can be very believable and difficult to decipher, especially when email accounts have been accessed. However, if basic security best practices are adhered to, danger can be limited.
The FBI recommend that companies take the following steps:
- Restricting the number of workers who have access to employee tax data and are authorized to complete wire transfers
- Put in place procedures that require amendments to bank account information of suppliers to be verified by phone with the telephone details taken from a contact list
- Processes needing wire transfers over a set threshold to be subjected to more rigorous security reviews, including verification by more than one staff member
- Wire transfers for all new trading partners and for non-standard transactions require dual approval, including overseas accounts transfers
- Out of band authentication of all submitted requests for copies of W-2 Form and tax-related data
- Delay of transactions to allow extra verifications to be carried out