Talent

How Companies Can Stop Thieves from Stealing Employee Tax Information

It’s unfortunately common this time of year for individuals to file their taxes only to find out that someone has already claimed their return. This type of identity theft can be upsetting, but it may be even more upsetting if they found out their identity was stolen not through a fault of their own, but due to their employer falling victim to a scam.

identity theft

Savvy cybercriminals are using business e-mail compromise schemes, or “spear-phishing” tactics, to acquire personally identifiable information (PII) through employers. They spoof an e-mail address or phone number to make it look like they are someone from the company’s Human Resources management company or accounting firm—or even someone from within the company itself—and ask for employee W-2s. Once they have the W-2s, they are able to steal employees’ identities.

This year, the IRS warned that cybercriminals are widening their target scope from just large corporations to smaller organizations, such as nonprofits and school districts. According to the Association of Certified Fraud Examiners (ACFE) 2016 Report to the Nations on Occupational Fraud and Abuse, small organizations often have fewer antifraud controls in place than larger organizations—a weakness that makes them easier targets for fraudsters.

Bruce Dorris, J.D., CFE, CPA, CVA, Vice President and Program Director for the Texas-based ACFE said, “Fraudsters and cybercriminals are continuing to search for new victims with this unique phishing scam. Many of these organizations have smaller budgets and do not have personnel to defend against these attacks, so [these companies] must invest and raise awareness in the latest fraud detection and prevention techniques to protect themselves.”

Employers can protect themselves and their employees by:

  • Educating employees on e-mail best practices
  • Never sharing PII over the phone or via e-mail
  • Reporting suspicious behavior

The IRS has asked employers who receive phishing e-mails to forward them to phishing@irs.gov. Employers must remember that as technology evolves, so do fraudsters. The best defense against fraud during tax season is to be wary of anyone asking for sensitive information and to report any suspicious behavior.

Leave a Reply

Your email address will not be published. Required fields are marked *