March 22, 2016

There has been an elaborate phishing scheme this tax season that attempts to trick human resources and payroll professionals into revealing employees’ personal information, including names, email addresses and Social Security Numbers. Cybercriminals pose as executives in emails in an attempt to secure this data.

The IRS issued an alert on March 1, 2016 after several cases occurred when targeted individuals unknowingly shared Social Security Numbers and other sensitive data with imposters who contacted them under the guise of the CEO or another executive. The 2016 tax season has seen a 400% increase in cybersecurity breaches.

Several examples of language that has appeared in phishing emails are below:

“Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”

“Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).”

“I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.”

While these emails might seem ordinary, payroll and human resources professionals as well as any professional asked to send sensitive data, should be cautious before sending the requested information online. Verify the email address, and contact the “sender” face-to-face to ensure the request is legitimate.

You also may have noticed several grammatical errors or inconsistencies in syntax in these emails. Be aware that this may be a sign of a hacker.

The online world provides relatively new opportunities for cybercriminals to gain access to confidential data. Taking the above-mentioned precautions can help prevent the disclosure of confidential information.

Check out the IRS website on cybersecurity and taxes or Publication 4524 for more information.

Ricardo Trujillo, CPA, CITP is a Certified Information Technology Professional with a strong background in Information Technology. Mr. Trujillo devotes a significant portion of his time to helping organizations bridge the gap between business and technology by carefully analyzing IT infrastructures and providing recommendations where needed.