W-2 forms and other income tax document thefts caused massive headaches for the government and taxpayers years ago when stolen identity refund fraud (SIRF) was at its peak. The Internal Revenue Service (IRS) lost billions of dollars, and taxpayer refunds were significantly delayed. Now, the Coronavirus has breathed new life into this con involving income tax refund thefts.
Grab those W-2s
Business email compromise (BEC) BEC is prevalent early each year as W-2 income forms start hitting the mail. The United States Treasury has lost billions of dollars to this flagrant fraud—even sending multiple unearned checks to a single address or multiple addresses overseas. Now, despite substantial government efforts to kill off the con, it’s back. The Coronavirus has revived it.
Security researchers reported a sizeable increase in bogus W-2 fraud attempts in 2020 when IRS extended the filing period several months. In 2021, the trend could continue as the IRS pushed back the filing date by several weeks. The clock is ticking because the first return filed in your name is often regarded as legitimate until the genuine one arrives.
“Why are we renewing the call for vigilance?” FBI, experts stated in a business advisory on Covid scams. “The economic upheaval caused by the Coronavirus has led to a flurry of unusual financial transactions–expedited orders, canceled deals, refunds, etc. That’s why an emergency request that would have raised eyebrows in the past might not set off the same alarms now.”
BEC is reasonably straightforward. Often the CEO is impersonated. Miscreants steal or imitate a business leader’s email address. Workers in accounting, payroll or human resources get targeted and respond if they think the command comes from the top. In the past, hundreds of workers have shared employee W-2 forms with bad guys. With W-2 forms in hand, the path to tax return-related identity theft is wide open for scammers.
Hackers may use an email that looks genuine but contains slightly altered characters—for example, john.cameronl@yourcompany vs. john.cameron1@yourfirm. Take a second look; these addresses are not the same. The first in this example is the lower-case letter L in Times New Roman typeface. The second character is the #1. Hackers use these type font tricks with impunity.
Beware of the rogue preparer
Not every tax preparer who posts a sign on a telephone pole is legit. Rouge operators often post flyers at rec centers, senior gathering spots and in business windows. Be very careful of any first-time hire.
Smart steps include:
- Ask friends for recommendations of a preparer they’ve used before.
- Ask any preparer if they can and will e-File. A NO often indicates the IRS does not recognize the professional.
- Ask the businessperson for their Tax Preparer ID number and double-check it at the IRS lookup site.
- Keep copies of all your documents in case the provider vanishes.
Other document sources
Tax doc fraud also includes data taken from payroll firm data breaches and health records. The Feds are always one step behind these con artists, but some have faced huge fines and jail time.
In March 2018, a judge sentenced William Anthony Gosha III of Alabama to 30 years for a seven-year scheme that netted over $9 million in income tax checks. Gosha’s plans tapped multiple sources for data.
The U.S. Department of Justice stated Gosha first stole the identity data of inmates from the Alabama Dept. of Corrections. He later stole employee records from a company in Columbus, GA. Then, needing more food for this elaborate scam, a partner approached a third individual working for two Alabama state agencies—Public Health and Human Resources. At the team’s request, that individual focused his info gathering on 16 and 17-year-olds.
Are there warning signs?
Here are several red flags:
- Poor grammar in emails is a dead giveaway. Grammatical errors have decreased, however, as scammers brush up on correct English.
- Emails will be short and direct.
- Often the email is labeled urgent or time-sensitive—to give staffers less time to think.
One idea a business can investigate is the technology that could block W-2 attachments from leaving its network. Outbound filters can shut down this fraud before damage is done.
Individuals need to double-check strange emails and never click on unknown attachments. Ask a co-worker or friend to view the email. You don’t want responsibility for leaking W-2 data on fellow employees to a bad actor.
BEC also works when a regular vendor your firm has an established relationship with sends an invoice with a “new” email address. Hackers view BEC as a cash cow, so learn what you can about this trend. The FBI offers copious advice for businesses on how to thwart BEC.
If you become a victim of W-2 data theft in any way, call the IRS. They offer SIRF guidance for businesses and can add alerts to individual accounts or employee groups. Call ASAP.
IDShield is a product of Pre-Paid Legal Services, Inc. d/b/a LegalShield (“LegalShield”). LegalShield provides access to identity theft protection and restoration services. For complete terms, coverage, and conditions, please see an identity theft plan. All Licensed Private Investigators are licensed in the state of Oklahoma. This is meant to provide general information and is not intended to provide legal advice, render an opinion, or provide any specific recommendations.