April 15 may seem like it's a long way away but it's never too early to get started on your taxes. Rest assured, scammers are already working on them.
You're probably familiar with tax identity theft, aka tax refund fraud, which the Federal Trade Commission dubbed the largest and fastest growing ID theft category in 2016. But did you know the IRS reports that W-2 scams aimed at employers increased nearly 80% last year vs. 2016?
In other words, diligently protecting your personal information and filing your taxes early might not be enough. Company employees have been falling for email phishing scams and exposing your W-2 to criminals before you even get your tax return mailed.
How W-2 Scams Happen
A W-2 scam usually works like this: Cybercriminals hack into executives' email accounts and send messages from those accounts to human resources and/or payroll departments. In the email, the criminal, posing as the executive, requests a file containing the W-2 forms of the staff. They then use the stolen forms to attempt to file fraudulent tax returns for refunds.
While it would seem unlikely that any employee would fall for this request, nearly one in four organizations that reported receiving a W-2 phishing email acknowledged they had been a victim of the scam last year. Everyone is susceptible: W-2 cons have evolved beyond the corporate sector to target all types of organizations including universities, charities, and medical companies.
"These scams have quickly become one of the most prolific forms of cybercrime, largely due to the fact that employees believe the requests are coming from trusted sources and do not know how to spot the warning signs," says Michael Bruemmer, Vice President of Consumer Protection at Experian.
"The schemes are popular among criminals because of the opportunity for mass fraud, given all U.S.-based companies are required to issue W-2s."
What Can You Do to Stop W-2 Scams?
Here are five ways to diminish the threat of W-2 scams:
- Report any suspicious emails you receive to your company and don't ever click on any links in emails from unknown sources.
- If you haven't been trained at work on how to spot phishing emails and on other cybersecurity protocols, ask whether training can be launched at the company, or ask your IT team for help.
- Share news about prevalent scams and good security practices with your colleagues (including this article!).
- Because this issue continues to grow, the IRS established a special email notification address specifically for employers to report any W-2 theft at email@example.com. If you just received a phishing email but did not fall victim to the scam, report it at firstname.lastname@example.org and use "W2 Scam" in the subject line.
- Stay vigilant and file your taxes as early as possible to prevent thieves from cashing in on your refund.
Today, it takes a collective effort to protect ourselves from cybercriminals. In the workplace, you have an important role in keeping not only your own information safe but that of your colleagues too. Be alert and report anything suspicious as soon as possible.
For more protection tips and other resources, visit the FTC's annual Tax Security Awareness Week website.
This article was originally published on January 23, 2018, and has been updated.