By Jorge Casuso
March 29, 2016 -- Cybercriminals
posing as company executives are seeking to obtain payroll data in what
is an "emerging phishing email scheme" that has claimed five victims
in the LA area, IRS officials said Monday.
The criminals will typically request W-2 Forms that contain Social Security
numbers and "other personally identifiable information" from
company payroll and human resources offices, said federal officials, who
issued an alert during a press conference at FBI headquarters in Westwood..
“This is a new twist on an old scheme using the cover of the tax
season and W-2 filings to try tricking people into sharing personal data,"
IRS Commissioner John Koskinen said in a statement. "Now the criminals
are focusing their schemes on company payroll departments.
"If your CEO appears to be emailing you for a list of company employees,
check it out before you respond," Koskinen said. "Everyone has
a responsibility to remain diligent about confirming the identity of people
requesting personal information about employees.”
The cybercriminals will trick their victims into thinking their email
is from a company executive by changing one character in the executive's
email address or obtaining the actual email by hacking into the system,
said Special Agent Andrew Lee, a spokesman for the IRS regional office.
The cybercriminals, Lee told The Lookout, "will determine how an
executive corresponds. Sometimes there's an urgency. I need to go into
a meeting, and I need this information right now," he said.
Some of the details contained in the e-mails include the following:
Kindly send me the individual 2015 W-2 (PDF) and earnings summary of
all W-2 of our company staff for a quick review.
Can you send me the updated list of employees with full details (Name,
Social Security Number, Date of Birth, Home Address, Salary) as of 2/2/2016.
I want you to send me the list of W-2 copy of employees wage and tax
statement for 2015, I need them in PDF file type, you can send it as an
attachment. Kindly prepare the lists and email them to me asap.
The criminals will then use the stolen information to engage in illegal
schemes, including filing fraudulent tax returns for refunds, authorities
said.
Since February, federal authorities have investigated cyberattacks at
11 companies in the western states, but there are probably hundreds of
companies that have been targeted in the scheme, Lee said, saying that
several of the attacks under investigation took place on the Westside.
"Companies need to come forward and let us know" if they have
been targeted, he said.
IRS agents have seen a 400 percent hike in phishing and malware incidents
and other reports of scams so far this tax season, officials said.
"The emails are designed to trick taxpayers into thinking these
are official communications from the IRS or others in the tax industry,
including tax software companies," officials said.
"The phishing schemes can ask taxpayers about a wide range of topics.
E-mails can seek information related to refunds, filing status, confirming
personal information, ordering transcripts and verifying PIN information."
Those who suspect they have been targeted in a W-2 phishing scheme should
immediately report the incident to their local IRS Criminal Investigation
office. Those in the Los Angeles area can call (213) 576-3232.
|