October 27, 2021

Volume XI, Number 300

Advertisement
Advertisement

October 26, 2021

Subscribe to Latest Legal News and Analysis

October 25, 2021

Subscribe to Latest Legal News and Analysis
Advertisement

Avoid Taking the Bait of W-2 Phishing Schemes

As tax season winds on, the W-2 form scam has emerged as one of the most dangerous and common phishing email schemes during this time of year.

W-2s are information-rich documents containing an employee’s name, Social Security number, address, salary, and other personal information. Each year, cyber criminals target these documents in order to sell the sensitive information contained therein and to submit fraudulent tax returns in hopes of defrauding the IRS.

During the 2018 tax season, cyber criminals exposed upwards of 1.4 billion records. In the past few years, the IRS has confirmed that 3 million tax returns were fraudulently filed in the amount of $20 billion. Although the IRS identified and eliminated most of the fraudulent returns, cyber criminals still obtained upwards of $1.6 billion in 2017.

There are many methods by which cyber criminals attempt to obtain W-2 information. The most common, however, is a phishing scheme targeting a company’s human resources or payroll department. Most often, cyber criminals “spoof” the CEO’s email address and request a copy of all employee W-2s via email. Spoofing is the forgery of an email header so that the email appears to have actually originated from the CEO. Upon closer inspection of the actual email address, it proves to be fraudulent.

Employers’ first line of defense is to educate employees with access or privilege to this data that they are a target of these phishing schemes. Increased skepticism and avoidance of these ploys can save employers substantial time and money. Thwarting these phishing schemes will also save your employees the headache of having their returns rejected. A rejected return would necessitate employees file by paper and, in certain circumstances, verify their identity in person at a local IRS location.

Copyright © by Ballard Spahr LLPNational Law Review, Volume IX, Number 66
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Kristen Poetzel Ricci Privacy lawyer Ballard Spahr
Associate

Kristen Poetzel Ricci is an associate in the firm's Privacy and Data Security Group who concentrates on data privacy and cybersecurity matters, including breach response and investigation, risk assessment, proactive breach planning, regulatory investigation and compliance, and privacy litigation defense. Kristen's cybersecurity clients include financial institutions, corporations from various industries, health care entities, municipalities, and educational institutions. She uses her technical knowledge of ransomware, phishing, hacking, malware, Trojans, botnets, and...

215.864.8660
Philip Yannella, Ballard Spahr Law Firm, Philadelphia, Data Security Attorney
Partner

As Co-Practice Leader of Ballard’s Privacy and Data Security Group, and Practice Leader of the firm’s E-Discovery and Data Management Group, Philip N. Yannella provides clients with 360-degree advice on the transfer, storage, and use of digital information.

Mr. Yannella regularly advises clients on the Stored Communications Act (SCA), Computer Fraud and Abuse Act (CFAA), EU-US Privacy Shield, General Data Protection Regulation (GDPR), Defense of Trade Secrets Act, PCI-DSS, Telephone Consumer Protection Act (TCPA), New York Department of...

215-864-8180
Advertisement
Advertisement
Advertisement