Business Emails Are a Big Target During Tax Season

business emails are a target for tax scams

Are your business emails safe?

As holiday festivities draw to a close and business for the new year begins in earnest, one of the biggest threats to organizations are business email compromise (BEC) or business email spoofing (BES) scams. While email security is always a concern, BEC scams increase tenfold during tax season. Cybercriminals use sophisticated measures in their attempts to trick your employees, especially those in HR and payroll, into believing they’ve received legitimate email from senders posing as the IRS or a state tax agency, in order to try to obtain confidential information or con your team into wiring money.

Tax Scams to Watch Out For

Request for W-2

One of the most insidious scams currently circulating is one that has been around for a few years. It is designed to appear as if it is coming from an internal senior executive, and cybercriminals have only become more adept at creating this allusion. The email, usually directed at payroll departments, appears to come from a senior level decision maker (CEO, CFO) and asks for the W-2s from a list of employees for a specified year. It is often written in a way to compel immediate action. Of course, W-2s have enough personally identifying information on them to be a virtual treasure trove for identity thieves. If you receive any kind of email requesting a copy of someone’s W-2, you should refuse to send it. Not only is it risky to send that kind of personal data through email but it likely is not the senior executive requesting the information. Follow-up in person or with a phone call to verify the request.

Demand for Information from the IRS

Another common scam that has people scrambling to comply is a spoofed phone call or email that appears to come from the IRS. No one gets excited to hear from the IRS, and the visceral reaction often prevents us from using a level head when considering whether or not the request is valid. Often, such a request includes a direct threat of audit for failure to comply. However, under the IRS privacy policy,

The IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. Any contact from the IRS will be in response to a contact initiated by you. Cybercriminals, when they learn of a new IRS process, often create false IRS web sites and IRS impersonation emails.

High Alert: Banks, Accountants, and Tax Professionals

Scams involving fraudulent letters from the IRS directed specifically at banks, accountants, and tax professionals are prevalent this time of year. Specific threats include using a fake IRS Form W-8BEN to obtain personal information on foreign account holders, demanding personal information from a professional tax preparer or accountant on clients, or demanding immediate payment. The IRS does not demand that people use a specific payment method, such as a prepaid debit card, gift card, or wire transfer. The IRS will not ask for debit or credit card numbers over the phone.

To Learn More about Tax Scams

The IRS provides a variety of consumer alerts to keep you and your business safe from scams, including those that target business emails. If you are concerned about email security at your organization, thinkCSC will provide your staff with cybersecurity end-user training . This is an important step to take in protecting your data and your organization. If you’re interested in having thinkCSC come to your organization, get in touch.