Skip to content ↓ | Skip to navigation ↓

Phishing is a form of fraud against which we must continue to be vigilant. Unfortunately, we have our work cut out for us. Numerous types of phishing attacks take place every day in the wild.

The most recent twist involves fraudsters claiming to be a CEO and requesting W-2 information from HR and/or finance. The threat of the “CEO email scam” is very real. After all, identity theft topped the Internal Revenue Service’s “Dirty Dozen” list for the second year in a row in 2016.

Additionally, with a 400% surge in phishing and malware attempts observed this year over 2015, it is clear that all of us are increasingly becoming viable targets of these and other threats.

Tax fraud scams can come in various formats:

  • Bad actors “spoof” (or fake) an email address purporting to be someone they aren’t, and they request information from the recipient.
  • Phone scammers claim to be from the IRS and threaten people with punitive actions, such as penalties or even deportation unless they provide them with personal information.
  • Phishers redirect users to fake websites and trick them into entering private information.
  • Fraudsters claim tax payers can increase their refund if they simply provide some information about themselves.

There are lots of variations but the end result of these and other schemes is always the same: identity theft.

In 2015 alone, more than 330,000 people were victims of stolen W-2 information as a result of these ploys. Major companies, such as Snapchat and KnowBe4, have also been targeted by attackers looking to gather large volumes of data.

So, how can you protect yourself and your company from these tax-related scams?

Here are a few tips:

  • Plan on filing your taxes early – this will remove the opportunity for fraudsters to file before you.
  • Always think twice when you receive unsolicited emails, texts and links, especially when they ask you for personal information.
  • Independently verify any request for information from an executive at your company. Rather than respond to requests by yourself, follow up directly with your human resources or finance group to validate the request.
  • Report suspicious activities to appropriate IT staff members.

For more tips on how you can stay safe this tax season, please visit the National Cybersecurity Alliance website or their tax tip sheet.


Title image courtesy of ShutterStock