Tax Return Email Phishing Scheme to be Aware of this Tax Season

Published February 3, 2017

W-2 Email Phishers are Targeting Businesses in More Effective Ways

Cybercriminals are taking advantage of the tax season and busy CPAs with a double barrel email phishing scheme targeting your W2s and your bank account.

The two-step email phishing scheme tries to trick tax preparers and businesses into giving up sensitive information to file fraudulent tax refunds and reap the benefits.

Email phishing schemes are getting more sophisticated and more dangerous. The IRS has issued an “urgent alert” to warn individuals and organizations of these dangerous schemes.

Who Tax Return Email Schemes are Targeting

While these schemes are not new, they are becoming more common. The IRS warned that this scheme is targeting:
  • School districts
  • Healthcare organizations
  • Chain restaurants
  • Temporary staffing agencies
  • Tribal organizations
  • Non-profits

Even if you do not think you are getting a tax refund, you can still fall victim to this scheme. Cyber criminals have upped the ante by stealing bank account information and draining the funds.

IRS Commissioner John Koskinen said:

“This is one of the most dangerous email phishing scams we’ve seen in a long time. The wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars.”   

How the 2-Step Email Phishing Scheme Works

Step 1: Cyber scammers hijack your tax advisor’s inbox

The scam starts when the cyber scammers email your accountant or tax advisor posing as a CEO or C-suite executive to feign authority. The scammer will ask the CPA for sensitive information - bank account information, employee W2s, etc. If the tax preparer replies, the scammer will reply with a malicious attachment. Once your tax rep opens the attachment, the malware infects the computer. The scammer can then take complete control of your tax rep’s device, including their email.

Step 2: Cyber scammers-in-disguise trick you into handing over your refund

In the second act, the scammer will pose as your accountant, a person you trust. The malware the cybercriminal installed on the accountant’s computer makes it easy for the scammer to access client information and contact you. To you, the email might look legitimate because the email is almost the same and it uses your accountant’s signature line. These slight inconsistencies are a trademark of email phishing schemes.

The scammer will email you asking for W-2s, bank account information, or other sensitive information. If they receive this information, they will file your taxes, and deposit your returns into their bank account. Or worse, they will hijack your bank account and drain your funds.

How to Protect Yourself Against Tax Season Phishing Scams

If you ever receive an email from your financial advisor asking for your financial records or personal information during tax time, take these 3 precautionary measures:

  1. Triple check the sender email address in the “From” field, and type out the correct email address in the “To” field instead of depending on auto-fill.
  2. Pick up the phone and call your tax advisor. If they don’t verify sending the email, then avoid the reply button at all costs. Also, contact your IT services partner to alert them to this scheme.
  3. Hand deliver your tax information to your financial advisor’s office and talk about sensitive details with your tax personnel in-person.

Other tax scams you need to watch out for

Not only will scammers target your email, but they’ll use phone, mail, or fax. In some cases, they’ll even disguise themselves as the IRS.

The IRS clearly states on their website they do not use these means to contact people about taxes, and to take caution if anyone receives these phony messages. Scammers will maintain a professional tone for only so long. Demanding your information or threatening you with fines or lawsuits are other red flags the IRS warns us about. You’ll never be bullied into filing your taxes by trustworthy professionals, as seen on their website under tax scams:

How to take back your tax refund

What happens if you’re reading this and you’ve already been duped? Fortunately, you’re not alone. Fraudulent tax returns are a growing problem. The IRS paid out nearly 6 billion dollars in fraudulent tax returns in 2013. If a cybercriminal swindled you of your refund, here are important steps to getting your money back:

  1. Report the theft to the IRS, your state revenue agency, and the police (in addition to filling out an identity theft affidavit to flag your account with the IRS, an official theft report needs to be on record).
  2. Give the IRS copies of old tax returns. It will be easier for them to cross examine information if you provide them with credible back up documents.
  3. Protect your IRS PIN and social security number.
  4. Alert the credit reporting bureaus (Equifax, Experian, TransUnion) that you are an identity theft victim. If a scammer has enough information to file your taxes, they can also take out loans or get credit cards under your name. The credit bureaus can flag lenders and prevent new credit agencies from viewing your credit score or report (a free service if you filed a police report).
  5. Check your credit report and identify any suspicious activity with the 3 credit reporting bureaus.
  6. Change your passwords on any tax prep websites.
  7. Sit back and wait for the results The average IRS identity theft case takes 6 months to solve. If the IRS fails to solve your case, they’ll pay you back with their own money.

Knowing Email Phishing Signs is the First Step in Protecting Your Assets in Tax Season & Beyond

Take caution this tax season when going through your email inbox. Double-checking the email sender’s address, verifying identities before you send sensitive information, and keeping in touch with your tax advisor might save you a heavy burden and a light wallet.

New Call-to-action

Erik Gudmundson

Written by Erik Gudmundson

Erik Gudmundson is an experienced leader in the field of IT service delivery. He is responsible for designing, proposing, implementing, and supporting cloud, on-premise, and hybrid IT solutions in computer-dependent business environments. As a trusted advisor to his clients, he communicates solutions and pitfalls/workarounds effectively.

Search the Blog…