W-2 Scams

It's Tax Season - Be Aware of Scams that Target W-2s

3/5/2018 3:10:05 PM

Minnesota IT Services' Enterprise Security Office

While cybersecurity should be a year-round concern for small business owners, income tax filing season brings some particular risks, according to the IRS. The agency says it has received an increase in reports of attempts to obtain employees' W-2 forms in order to steal people's personal information and identities. The scams often go after employees in companies' human resources and payroll departments, but any staffer or manager could be a target. In the scam, a would-be thief poses as a company executive, sends an email from an address that might look legitimate, and requests a list of employees and their W-2s.

Owners need to be sure that anyone with access to employee records, including W-2s, understands that they should not send the forms or staffer information to anyone without first checking that the request is not an attempted scam. The IRS wants companies to report W-2 scam emails to the agency, and it also wants to know if anyone has become a victim. For more information, visit the IRS website, www.irs.gov, and search for "Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers."

The IRS also warns all taxpayers about emails that look like they are coming from the agency but that are phishing attempts aimed at getting harmful software into a PC or a server. The emails might say that the taxpayer has a refund waiting at the IRS, or that the agency needs more information from the taxpayer. There is likely to be a link or an attachment that the reader of the email is supposed to click on - and that is how thieves and hackers gain entry to a computer.

Remember - the IRS only contacts taxpayers by US Mail!

The IRS does not initiate contact with taxpayers by email, text messages or social media; it sends letters by US mail. Company owners and their employees need to be on guard against all kinds of phishing scams, and no one should ever click on a link or attachment until they are completely sure the email is legitimate. And if an email says it's from the IRS, it is not.

Accountants and other tax professionals are also targets of thieves looking to steal personal information and identities, the IRS says. It has a page on its website devoted to providing paid tax preparers with information so they can protect themselves and their clients. The address is www.irs.gov/tax-professionals/protect-your-clients-protect-yourself.

Below are a few real-world examples that occurred recently.

Successful Business E-mail Compromise Attack in Minnesota

An employee affiliated with a state agency reported falling for a social engineering attack in which they received an email from a Gmail account that used the display name of an executive in the organization and directed the recipient to transfer funds to an external account. The employee did so before realizing that these were not legitimate requests. This has been reported to the police and investigations are underway. This type of attack is commonly known as a "Business Email Compromise" attack and is used by attackers to trick employees into wiring funds or providing copies of sensitive data. During tax season, these requests often include directions to provide copies of employee W-2s to someone pretending to be an executive in the organization.
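A mail-gateway style check for the pattern described above (an executive's display name on an outside address, asking for W-2s or a funds transfer), added here as an example and not part of the original article. The domain `agency.example`, the executive names and the sample messages are constructed assumptions; the Reply-To comparison is an extra check beyond the case described.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values, constructed for this example: the organization's mail
# domain and the executive names worth protecting.
ORG_DOMAINS = {"agency.example"}
EXECUTIVES = {"pat morgan", "jordan lee"}
SENSITIVE = re.compile(r"\bw-?2s?\b|wire transfer|transfer funds", re.I)

def normalize(name):
    """Lower-case a display name and drop punctuation and extra spaces."""
    return " ".join(re.sub(r"[^a-z ]", " ", name.lower()).split())

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def assess(raw):
    """Return the reasons a raw RFC 5322 message looks like BEC."""
    msg = message_from_string(raw)
    display, sender = parseaddr(msg.get("From", ""))
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    external = domain_of(sender) not in ORG_DOMAINS
    reasons = []
    if external and normalize(display) in EXECUTIVES:
        reasons.append("executive display name on external address")
    if reply_to and domain_of(reply_to) != domain_of(sender):
        reasons.append("Reply-To domain differs from From domain")
    if external and SENSITIVE.search(text):
        reasons.append("external request for W-2s or funds transfer")
    return reasons

# Constructed sample messages (not taken from any real incident).
SPOOFED = ('From: "Pat Morgan" <pat.morgan.office@freemail.example>\n'
           "To: payroll@agency.example\nSubject: Urgent request\n\n"
           "Please send me all employee W-2s for 2017 as a PDF today.\n")
LEGIT = ('From: "Pat Morgan" <pat.morgan@agency.example>\n'
         "To: payroll@agency.example\nSubject: Staff meeting\n\n"
         "Reminder: staff meeting at 10.\n")
REPLY_TO = ('From: "Jordan Lee" <jordan.lee@agency.example>\n'
            "Reply-To: jordan.lee@freemail.example\n"
            "Subject: Updated contact\n\nPlease reply to this thread.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT), ("reply-to", REPLY_TO)):
        print(label, assess(raw))
```

A non-empty result is a reason to hold the message for out-of-band verification with the named executive, not proof of fraud.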

Pittsburg, KS Employee Tax Info Breach

The City of Pittsburg, Kansas says it was subjected to a sophisticated phishing scheme targeting employee payroll data. Officials say sensitive information for current and former city employees who received a W-2 for 2017 was released. "This was not a technical attack against our firewall or network filters, but instead it was a social attack aimed at our employees. While we believe we have significant safeguards in place to reduce the risk of these types of threats, we take full responsibility for this incident occurring and will do better in the future to protect all sensitive data." The city says it is taking precautionary measures to protect anyone affected by the release. They said that within 24 hours of the attack, local law enforcement, IRS, and FBI were all notified. City officials say the breach did not involve access to the city's technical network, adding that no evidence was found to suggest employee information had been misused.

Source: KOAM TV

Confidential Information of Batavia, Illinois City Employees, Elected Officials Stolen in Phishing Scam

The City of Batavia, Illinois announced Friday that personal and financial information of 268 people was compromised through a bogus email. The information stolen included names, social security numbers, addresses, and earnings for current and former employees as well as elected officials. The Batavia City Administrator said an employee responded to an email on 31 January that appeared as though it came from his official e-mail account and requested W-2 tax form information. The employee started questioning the inquiry after replying with a copy of the W-2 records. The city administrator said it was not an internal hack of the city's computer system. It was a response to a request that led to the information being stolen, she said.

Source: Chicago Tribune

Charlotte Housing Authority Hit with W-2 Tax Breach

The Charlotte, North Carolina Housing Authority was hit with one of the tax season's earlier W-2 breaches, which was identified ten days before the Federal Trade Commission's Tax Identity Theft Awareness Week kicked off. The housing authority said an email was sent to an employee purportedly from the CEO asking for all current and former W-2 records. The email was received and acted upon, but the fact that it was fraudulent was not discovered until 19 January. The information compromised includes employee names, addresses, social security numbers, and wage information.

Source: SC Magazine

Additional Resources and articles on Business E-mail Compromise (BEC) Scams:

Source: Multiple Open Sources and MN Fusion Center
