It has come to our attention that there has been a recent increase in the number of cybercrime incidents involving payroll and human resources.
has features that can help!
If an employee’s direct deposit information is changed, it will automatically send an e-mail to the employee AND to the user making the change.
Please be sure ALL employees have a valid e-mail address in the system to take advantage of this and other helpful items (like paperless W2s!).
The IRS has warned employers to be on guard “against a growing wave of identity theft and W-2 scams” [IRS Tax Tip 2018-188, 12-6-18]. The IRS has also cautioned employers about “an uptick in phishing emails … that involve payroll direct deposit and wire transfer scams” [IRS News Release IR-2018-253, 12-17-18].
Phish: To request confidential information over the internet or by telephone under false pretenses
Types of Scams
- W-2 scam. Payroll employees are sent emails that appear to be from an executive or organization leader. The message usually starts with a simple greeting, such as: “Hey, you in today?” The emails will eventually ask for sensitive Form W-2 information. Because employees believe they are corresponding with a company executive, it may take weeks for someone to realize a data theft has occurred.
- Direct deposit scam. This scam involves emails that generally impersonate an employee and are sent to payroll or human resources. The email from the “employee” asks the payroll or HR staff to change the direct deposit account for payroll purposes. The “employee” provides a new bank account and routing number controlled by the thief.
- Wire transfer scam. The emails impersonate a company executive and are sent to the company employee responsible for wire transfers. The email requests a wire transfer be made to a specific account controlled by the thief.
These scams are sometimes referred to as business email compromise (BEC) or business email spoofing (BES) scams. All businesses should be alert to these BEC/BES scams as they can take other forms as well, including fake invoice payments, or other schemes that result in a quick payoff for the thief. Businesses should consider policy changes to guard against such losses.
If you receive a suspicious email, read it carefully before acting. A common theme in these and other email scams is that they include grammar and spelling mistakes, a sense of urgency or a request to set/reset User IDs or passwords.
Fortunately, there are things that can help individuals and small businesses detect and avoid a “phish”:
Be cautious with electronic communication – Check email addresses carefully, especially those coming from executives demanding financial transactions. Hover the cursor over the sender’s email address, which should bring up a “mouseover” box containing the sender’s actual email address. Inspect it for irregularities that could signal spoofing. As much as possible, don’t use personal email for company messages. Use email’s “forward” feature rather than “reply.” “Forward” forces the user to type in a known and trusted email address, whereas “reply” will respond directly to the “phisher”.
Update your email filters – Inform your IT department and have them include keywords of this attack in your email spam filters.
Watch out for social media scams – Curate your social media feeds and avoid posting vital corporate workflow details that could reveal your organization’s executive and human resources employees.
Use two-factor authentication – Consider using two-factor authentication for fund transfers and corporate email accounts. Use known phone numbers for verification and avoid displaying these phone numbers in email correspondence.
In a suspected phish, do not click links, open attachments, call phone numbers, or respond to a text message requesting personal or financial information like credit card numbers, Social Security numbers or other banking information. It is best practice to contact the company directly by typing a known URL into your Internet browser and not to use information contained in the suspect email/text.
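As an added example that is not part of the original newsletter or of any payroll product, the Python script below applies the checks described above (the “mouseover” sender-address check, a display name that does not match the company directory, a Reply-To that diverts “reply”, and the keywords an IT department might put in a mail filter) to raw email text. The corporate domain, the staff directory and the three sample messages are constructed for the illustration; they are modelled on the direct-deposit and W-2 scams described above, not taken from real mail.

```python
"""Heuristic triage of payroll / HR e-mail for BEC-style phishing.

Added example: the corporate domain, staff directory and sample messages
below are constructed for illustration and are not from any real system.
"""
from email import message_from_string
from email.utils import parseaddr

# Assumed corporate domain and directory (constructed values)
CORPORATE_DOMAIN = "example-payroll.test"
KNOWN_STAFF = {
    "pat lee": "pat.lee@example-payroll.test",        # constructed "executive"
    "sam rivera": "sam.rivera@example-payroll.test",  # constructed employee
}

# Keywords of this attack type, suitable for a mail-filter rule
FINANCE_KEYWORDS = ("direct deposit", "w-2", "wire transfer", "bank info",
                    "routing number", "account number")
URGENCY_KEYWORDS = ("asap", "today", "urgent", "immediately", "you in today")


def _domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def _body_text(msg):
    """Concatenate the text/plain parts of a parsed message."""
    parts = [msg] if not msg.is_multipart() else list(msg.walk())
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode("utf-8", "replace"))
    return "\n".join(chunks)


def analyze(raw_message):
    """Return the reasons a message looks like a payroll/HR phish (empty list if none)."""
    msg = message_from_string(raw_message)
    reasons = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_addr = from_addr.lower()
    from_domain = _domain(from_addr)

    # The "mouseover" check: the real sender address is outside the company
    if from_domain and from_domain != CORPORATE_DOMAIN:
        reasons.append(f"sender domain {from_domain!r} is not {CORPORATE_DOMAIN!r}")

    # A known name shown as the display name, but a different address behind it
    directory_addr = KNOWN_STAFF.get(display_name.strip().lower())
    if directory_addr and directory_addr != from_addr:
        reasons.append(f"display name {display_name!r} does not match "
                       f"directory entry {directory_addr!r}")

    # "reply" would go to the phisher: Reply-To differs from From
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != from_addr:
        reasons.append(f"Reply-To {reply_to!r} differs from From {from_addr!r}")

    # A financial request combined with a sense of urgency
    text = (msg.get("Subject", "") + "\n" + _body_text(msg)).lower()
    finance = [k for k in FINANCE_KEYWORDS if k in text]
    urgency = [k for k in URGENCY_KEYWORDS if k in text]
    if finance:
        note = f"asks about {finance}"
        if urgency:
            note += f" with urgency cues {urgency}"
        reasons.append(note)
    return reasons


def is_suspicious(raw_message):
    """True when at least one heuristic fired; route such mail to a human check."""
    return bool(analyze(raw_message))


# Constructed samples modelled on the direct-deposit and W-2 scams described above
DIRECT_DEPOSIT_PHISH = """\
From: Sam Rivera <sam.rivera@webmail-example.test>
To: payroll@example-payroll.test
Subject: Assist: Direct Deposit details

I have recently changed my bank so I need to update my pay check direct
deposit information. Can I email you the new bank info so you can make
the change effective ASAP?
"""

W2_PHISH = """\
From: Pat Lee <pat.lee@example-payroll.test>
Reply-To: pat.lee.ceo@freemail-example.test
To: payroll@example-payroll.test
Subject: Hey, you in today?

Need the W-2 forms for all staff sent over to me today, thanks.
"""

ROUTINE_MAIL = """\
From: Pat Lee <pat.lee@example-payroll.test>
To: payroll@example-payroll.test
Subject: Friday cafeteria menu

The menu for Friday is posted on the intranet.
"""

if __name__ == "__main__":
    for label, sample in [("direct deposit", DIRECT_DEPOSIT_PHISH),
                          ("W-2", W2_PHISH), ("routine", ROUTINE_MAIL)]:
        print(label, "->", analyze(sample) or "no findings")
```

Run as a script it reports three findings for the direct-deposit sample (external domain, display-name mismatch, financial keywords with “ASAP”), two for the W-2 sample (diverted Reply-To, W-2 request with “today”) and none for the routine message. A hit is a reason to verify the request by a known phone number, not a verdict on its own.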
Here’s a look at an actual email:
From: Jon Pryor
Sent: Monday, August 26, 2019 11:24 AM
Subject: Assist: Direct Deposit details
I have recently changed my bank so I will like to update my pay check direct deposit information.
Can I email you the new bank info so you can make the change effective ASAP or you can email me the necessary paper work I need to fill, I want this change viable with the coming payroll.
Sent from my iPad
How to Report Scams
If you are an employer impacted by the Form W-2 scam, forward the email to firstname.lastname@example.org. There is a process that employers can follow at https://www.irs.gov/individuals/form-w2-ssn-data-theft-information-for-businesses-and-payroll-service-providers. If you are an employer who received a Form W-2 scam email but was not impacted (meaning you didn’t click or respond), forward the email to email@example.com.
Email the Federation of Tax Administrators at StateAlert@taxadmin.org to get information on how to report victim information to the states.
Forward non-tax-related BEC/BES email scams to the Internet Crime Complaint Center (IC3), which is monitored by the Federal Bureau of Investigation (FBI). You can file a complaint about email scams or other internet-related scams by going to www.ic3.gov.
If you receive tax-related phishing emails, forward those to firstname.lastname@example.org. IRS cybersecurity professionals monitor this account, and this reporting process also enables the IRS and its partners to identify trends and issue warnings.