In IR-2017-130 the IRS again warns business and tax professionals to beware of business email compromise scams. These scams have become so common they now have an acronym: “BEC” scams.
A BEC scam occurs when a cybercriminal is able to “spoof” or impersonate a company or organization executive’s email address and target a payroll, financial or human resources employee with a request. Often fraudsters attempt to trick an employee to transfer funds into a specified account or request a list of all employees and their Forms W-2.
The FBI reported a 1,300% increase in identified losses from such scams – with more than $3 billion in wire transfers – since January 2015.
With Forms W-2, scammers now have confidential information on employees including the employee’s name, address, Social Security number, income and withholdings. This information is used to file fraudulent tax returns or can be sold online to other criminals.
If a business is victimized by these attacks and notifies the IRS, the IRS can take steps to help prevent employees from being victims of tax-related identity theft. The IRS has established a special email notification address specifically for businesses and organizations to report W-2 thefts: email@example.com.
Be sure to include “W-2 scam” in the subject line and information about a point of contact in the body of the email. Businesses and organizations that receive a suspect email but do not fall victim to the scam can forward the suspected BEC to firstname.lastname@example.org, again with “W-2 scam” in the subject line. If a BEC incident occurs, be sure to notify the IRS. In addition, you can file a complaint with the FBI at the Internet Crime Complaint Center (IC3).
Educate all of your employees about the risks of BEC scams and phishing emails. Thinking before clicking is the best protection.
Melinda Nelson, CPA