IRS makes tax refund scams harder but W-2 phishing attacks continue unabated
Anti-fraud measures by the Internal Revenue Service (IRS) and state agencies over the past two years have made tax refund scams harder for cyber criminals to pull off even as attacks targeting taxpayer information continue unabated.
So far this year, at least 124 organizations have disclosed incidents in which an office worker or payroll processor inadvertently leaked employee W-2 data after being conned by a phishing email purporting to be from the CEO or other senior company official.
The biggest so far is an incident at American Senior Communities in which W-2 data belonging to 17,000 employees was compromised after a payroll processor provided the information to an offshore scammer posing as a top company executive. ASC officials discovered the leak only after several employees complained of being unable to file their 2016 taxes because someone else had already filed it.