Could You Become a Victim of Cybercrime?
With the rise of these incidents, comes the demand to understand how these attackers are getting your information, and furthermore, how to avoid it from happening to you. The Internal Revenue Service (IRS) and other tax agencies have seen a recent uptick in W-2 theft and other cybercrimes committed in an effort to steal tax refunds. “This is one of the most dangerous email phishing scams we have seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,’’ said IRS Commissioner, John Koskinen.
So how does it work? Cybercriminals send out emails to businesses requesting a list of employees and their W-2s. Who would fall for such a request? Well, just about anyone. The senders of these emails use spoofing techniques to make it appear as if the email is being sent from inside the organization, or from a government entity or even a tax preparer. The unsuspecting employee then uploads the requested W-2s, thinking they are sending them to their supervisor or someone else who has clearance to receive this sensitive information. Phishing scams aren’t exclusive to the corporate world either. School districts, tribal organizations, and nonprofits have all been recently victimized.
How can you protect yourself?
- Be on high alert of any email you receive that you weren’t expecting. Another common phishing email looks like a request from a corporate executive to the Finance Department to wire money. If you receive an email request for money or sensitive information, call the sender immediately to verify its authenticity.
- Use social security number masking when possible. Most payroll software allows the user to print W-2s, 1099s, and other sensitive documents with only the last four digits of the social security number showing. The full social security number must be printed on documents sent to the IRS, but for documents sent to the recipient, masking is a great way to protect their information from cyber-theft or mail theft. Ask your Human Resource or Payroll Department to consider masking sensitive information in the future.
More Safety Tips
Our Information Technology (IT) team also shared some valuable tips which are listed below:
- According to our IT Manager, you may be able to mouse over the sender of an email to identify the true sender. Outlook users can go into the file properties of an email and see the source.
- Be aware that many email distribution lists sell your information. For example, coupon and money-saving websites profit from selling your email address and name to anyone willing to pay for it. For this reason, using work email for online shopping or any other personal use is strongly discouraged.
Security at MSA
Our clients trust Martin Starnes & Associates, CPAs, P.A. with their most personal information. We take that responsibility very seriously by investing a great deal of time and money into cutting-edge technology. Incoming emails are pre-scanned to block live files, and many emails are blocked from unknown senders. We use encrypted USB drives, and any USB drives from clients are scanned for viruses and malware before they are used in our system. We use a document sharing portal to send and request sensitive information. This portal uses bank-level encryption in transit and at rest, and uses two-factor authentication for added security. Additionally, when we print K-1s for our businesses, the client copy masks sensitive information to protect the recipient.
What To Do If You Are A VictimIf you receive a W-2 scam email, forward it to the IRS at email@example.com, and use “W-2 Scam” as the subject line. If your W-2 has been stolen, file a complaint with the Federal Trade Commission (FTC) at identitytheft.gov and notify your tax preparer. A form 14039 Identity Theft Affidavit may have to be filed, and additional security information may need to be used in order to file your tax return. See the IRS Guide to Identity Protection for more information at www.irs.gov/idividuals/identity-protection.
Article by: Sabrina Cook, Senior Tax Accountant