Welcome To The Dance: Take Three Steps Forward and Six Steps Back

For many months there has existed an aura of distrust, deception, lying and lying about lying.  The dance creates an interesting way of digression.  Why?  The reason is very simple: Greed! Lies define the liar.  The dance: futility, no progress, and inevitably failure. How long can the government put off governing while investigating and spending millions of dollars for no apparent gain? As mold grows on mold, it just seems to create a governmental fungus. There are enough problems in our world; it is not necessary to generate more. One major problem is about to replicate itself.  Tax filing season has begun and the Service began to accept tax returns on Monday, January 29.  Now begins the federal tax refund nightmare of situations for institutions. From money mules to identity theft, nasty divorce situations to non-post items, institutions sometimes find themselves in high risk situations with no clear guidance on how to proceed. Institutions need to be prepared for the onslaught of situations the tax refund season presents. Regardless of the scenario, there are some sound business practices that can reduce the institution’s exposure to loss and non-compliance.  The IRS has released IR-2018-8, Jan. 17, 2018 the bulletin urges all employers to educate their payroll personnel about a Form W-2 phishing scam that made victims of hundreds of organizations and thousands of employees last year.

According to the IRS, the Form W-2 scam has emerged as one of the most dangerous phishing emails in the tax community. During the last two    tax seasons, cyber criminals tricked payroll personnel or people with access to payroll information into disclosing sensitive information for entire workforces. The scam affected all types of employers, from small and large businesses to public schools and universities, hospitals, tribal governments and charities.

Reports to phishing@irs.gov from victims and non-victims about this scam totaled approximately 900 in 2017, compared to slightly over 100 in 2016. Last year, more than 200 employers were victimized, which translated into hundreds of thousands of employees who had their identities compromised.

Here’s how the scam works: Cyber criminals do their homework, identifying chief operating officers, school executives or others in positions of authority. Using a technique known as business email compromise (BEC) or business email spoofing (BES), fraudsters posing as executives send emails to payroll personnel requesting copies of Forms W-2 for all employees.  Since the Form W-2 contains the employee’s name, address, Social Security number, income and withholdings, criminals use that information to file fraudulent tax returns, or they post it for sale on the Dark Net.

The email may be disarmingly friendly and will attempt to indicate familiarity.  After a short reprise, the caller will ask for all Form W-2 information. In several reported cases, after the fraudsters acquired the workforce information, they immediately followed that up with a request for a wire transfer.

If the business or organization victimized by these attacks notifies the IRS, the IRS can take steps to help prevent employees from being victims of tax-related identity theft. However, because of the nature of these scams, some businesses and organizations did not realize for days, weeks or months that they had been scammed.

The IRS established a special email notification address specifically for employers to report Form W-2 data thefts.

Here’s how Form W-2 scam victims can notify the IRS:
• Email dataloss@irs.gov to notify the IRS of a Form W-2 data loss and provide contact information, as listed below.
• In the subject line, type “W2 Data Loss” so that the email can be routed properly. Do not attach any employee personally identifiable information data.
• Include the following:
– Business name
– Business employer identification number (EIN) associated with the data loss
– Contact name
– Contact phone number
– Summary of how the data loss occurred
– Volume of employees im- pacted

Businesses and organizations that fall victim to the scam and/or organizations that only receive a suspect email but do not fall victim to the scam should send the full email headers to phishing@irs.gov and use “W2 Scam” in the subject line. “BEWARE, THE DEVIL AS A RORING LION ROAMS THE EARTH SEEKING WHOM HE MAY DEVIOUR.” Liars, scammers, and all unrighteous felons work for their Master—the Devil.  Do not let them destroy your business, your family or your home.

For more information, call Wilson & Wilson, PC, CPA, CFE at 615-673-1330   or  email  jim@ wilsonandwilsoncpa.com