Just In Time For Tax Season, A New Cyber Phishing Scam
Sonora, CA – Various officials are warning folks of several specific scams.
As the April 15 tax deadline looms the IRS and leading credit agencies report that it is generally accompanied by a huge spike in phishing and malware scams — last year’s was a 400 percent surge.
According to Tuolumne County Sheriff’s spokesperson Sgt. Andrea Benson, a devious new ploy targets HR and other administrative departments by compromising a CEO or company executive’s email and then making it seem like that person is emailing what might appear to be a timely request for W-2 forms and employee records.
Employment documents provide a wealth of personal information in addition to names and addresses, like Social Security numbers and wages. Armed with this information scammers are potentially able to file fake tax returns using victims’ information and steal their refunds. The personal data may also wind up for sale on the dark web. Subsequently, victims might — insult to injury –learn of the tax return fraud if they file later than the perpetrators and have their legitimate claim rejected by the IRS.
School Districts, Healthcare Agencies, Nonprofits Among The Targeted
Sgt. Benson states, “The IRS issued an urgent alert regarding these types of scams, noting cyber criminals are starting to combine the W-2 phishing scam with the wire transfer fraud. Once the HR department sends over the W-2 data requested, the phishers will email the payroll or finance department asking for a wire transfer to be completed. The IRS notes that the range of targets for these attacks is only increasing. Phishers are targeting school districts, healthcare organizations, chain restaurants, staffing agencies, and non-profits.”
She suggests that businesses and employees alert their HR departments to be on the lookout for any requests for W-2 information or other requests that might be fraudulent. The IRS requests W-2 scam emails be forwarded to email@example.com and that the subject line be modified to read: W-2 Scam.
Administratively, policies against sharing sensitive data such as W-2 forms via unencrypted email should be enforced in order to prevent these kinds of crimes from being carried out. A further inhibitor might be to require that employees verify the legitimacy of emails requesting such data with the sender by calling a known phone number associated with that person.
Heads Up PG&E Customers
PG&E in California points out recent fraudulent activities across the state where scammers, posing as company representatives, have been targeting customers in at least three ways.
The first two are through phishing activities by email and phone. Using the PG&E company name, scammers aggressively seek utility payments while also attempting to trick customers into providing personal data. Too, be aware that in-person imposters going door-to-door, while pretending to be utility workers for the utility, use the ruse to gain entry to peoples’ homes.
Senior Manager Dave Meier, of the PG&E Stockton Division stresses that any PG&E customer who may have experienced any such activities should immediately report it by calling 1-800-PGE-5000. He emphasizes, “During tax season, scammers email messages with false tax refund documents…awareness is the best defense, so we are asking our customers to stay alert and contact us if anything seems suspicious.”
When In Doubt, Report It
Meier adds that scammers are getting more and more sophisticated every day. “From phishing emails to fake postings on social media, cybercriminals are constantly finding new ways to separate us from our personal information…we are asking our customers to practice good cyber-awareness and to call us directly if they receive any suspicious online communications claiming to be from PG&E.”
PG&E maintains that its employees do not idly make door-to-door visits. Too, if you have an appointment with the utility you will receive a call within 48 hours prior to a scheduled visit. Employees always carry their company identification and are ready to show it upon request.
The company will never ask for personal information or a credit card number over the phone. If you receive an unexpected email that claims to be from PG&E, do NOT click on any links or provide any personal information. Instead, report the email by calling 1-800-PGE-5000.