The next time you open your email, proceed with caution. The IRS Criminal Investigation is reviewing several cases where cybercriminals have obtained users’ Social Security numbers and other personal information, according to a press release.
The Federal agency alerted human resource and payroll specialists of a phishing scam called “spoofing” going around the Internet, where a cybercriminal will send an email in the name of a company “CEO” or executive asking personal information, including a PIN or Social Security number, from an employee of that company.
Here’s a sample of a spoofing email from the IRS website:
Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.
“This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data. Now the criminals are focusing their schemes on company payroll departments,” said IRS Commissioner John Koskinen. “If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”
The IRS reports a 400 percent increase in phishing or “spoof” emails, and malware scams this tax season. In many cases, cybercriminals then use victims’ personal information to file illegal income tax returns.
According to the IRS website:
- There were 1,026 incidents reported in January, up from 254 from a year earlier.
- The trend continued in February, nearly doubling the reported number of incidents compared to a year ago. In all, 363 incidents were reported from Feb. 1-16, compared to the 201 incidents reported for the entire month of February 2015.
- This year’s 1,389 incidents have already topped the 2014 yearly total of 1,361, and they are halfway to matching the 2015 total of 2,748.
IRS officials urge people to visit this website to learn more about phishing email scams.