CEO Fraud and W-2 Phising

There was a recent outbreak in Orange City, IA where a scammer asked for important details of employees, claiming to be the CEO. Many people had their identities stolen because of it. Don't let this happen to you.


A Warning

The IRS warned that phishers started this scam much earlier this year, attempting to extract W-2 data which can be used to file fraudulent tax refunds, duping the actual taxpayers.

The agency alerted that the scammers also are targeting a much wider range of organizations in these W-2 phishing schemes, including school districts, healthcare organizations, chain restaurants, temporary staffing agencies, tribal organizations, and nonprofits. People who are not required to file a return can still be victims of refund fraud, and even people who are not actually due a refund from the IRS.

Double Barrel Attack

W-2 phishers cooked up a new, more profitable scheme where after the successful W-2 phish they also attempt a cyberheist, looting the victim organization’s bank account. The IRS said that W-2 phishers now very often follow up with an “executive” email to the payroll or comptroller requesting that a wire transfer is made to a bank account they control.

“This is one of the most dangerous email phishing scams we’ve seen in a long time,” IRS Commissioner John Koskinen said. “Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars.”

I suggest you send this to either all your employees or the high-risk group. Feel free to copy / paste / edit:

[ALERT] The bad guys are starting their tax scams early this season! They are now combining two scams-in-one. First, they ask you to send them the W-2 forms of all employees, with the email looking like it comes from the CEO or a C-level executive. Next, they follow up with an urgent request to transfer a large sum of money to a bank account controlled by these cyber criminals.

Remember that when you receive sudden requests like this, they may be spoofed emails and that you should double check by picking up the phone and verify that this is a legit request coming from that executive. In these cases, it's "OK to say NO to the CEO".

This tax season, stay alert for scams like this, and Think Before You Click!

The IRS says organizations receiving a W-2 scam email should forward it to and place “W2 Scam” in the subject line. Organizations that receive the scams or fall victim to them should file a complaint with the Internet Crime Complaint Center (IC3,) operated by the FBI.


Article courtesy of KnowBe4, Inc. All rights reserved to them (minus the first paragraph).