Every tax season seems to bring with it new attempts by criminals to fraudulently obtain tax refunds. One popular “phishing” scheme involves fraudulent emails that appear to be from a company executive seeking personal information on employees. Once this information is provided, the criminals use it to file fake tax returns for that individual, and to obtain a tax refund on behalf of that individual.
The IRS has increased its efforts to detect and prevent such phishing schemes. Last month, the agency asked employers to promptly report attempts by outside parties to fraudulently obtain W-2 information for their employees. The IRS now accepts electronic reports of such attempts here.
The agency asks employers to take a screen shot of the fake email and include it with their submission. If the employer fell for the phishing attempt, the form asks for information regarding the number of affected employees and a summary of how the data loss occurs. The IRS says that it will not independently contact taxpayers as a result of these reports, but provides guidance for reporting the data theft to employees. Finally, the IRS provided guidance for making similar reports to state tax agencies and the FBI.
As part of their cybersecurity procedures, all employers should train appropriate employees on how to avoid these schemes. Employers that are subjected to phishing attempts should promptly report them to the appropriate authorities.