Business As We See It October (B) 2017

Blog Layout

Business As We See It October (B) 2017

September 19, 2017

The Ins and Outs of W-2 Phishing Scams

A growing number of businesses have been victimized by W-2 phishing scams. In a traditional phishing scam, a criminal tricks someone into providing confidential information, and then uses it to steal money and/or the victim’s identity. The W-2 phishing scam is a variation on this.

How it Works

In a W-2 phishing scam, cybercriminals send emails to a company’s employees — typically in payroll, benefits or human resources departments — that claim to be from the company’s management. The emails request a list of employees along with their W-2 forms, Social Security numbers or other confidential data.

Here are some examples straight from the IRS:

“Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”

“Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).”

If the employee responds, criminals can use this information to file fraudulent tax returns in the employees’ names, seeking refunds.

The scam is particularly nefarious because the employees it targets probably believe that, in complying with the emailed instructions, they’re doing exactly what they’re supposed to. Moreover, at first glance, the emails typically appear legitimate. Many contain the company’s logo and the name of an actual executive, typically gleaned from publicly available information.

The increasing number of such scams prompted the IRS to issue an alert in 2016: “IRS Alerts Payroll and HR Professionals to Phishing Scheme Involving W-2s.”

Education is Key

While these scams have become more prevalent, businesses can take steps to reduce their risk. Because the scams target humans, rather than the technology itself, education is key. Inform all employees, and particularly those in areas that handle sensitive data, of the scams. Remind them not to click on links or download attachments from emails that were unsolicited or sent by those they don’t know.

Employees often are nervous about questioning a request that appears to come from upper management, so encourage employees to double-check any request for sensitive information, no matter who appears to be making it. They should do this not by responding to the email in question, but by talking with a trusted supervisor or colleague.

Don’t Fall Victim

Technology has a role to play as well. Install robust antivirus and spam filters and keep them updated. With sensible precautions, businesses can reduce the risk of falling victim to W-2 phishing scams.

< Older Post

Newer Post >

This material is generic in nature. Before relying on the material in any important matter, users should note date of publication and carefully evaluate its accuracy, currency, completeness, and relevance for their purposes, and should obtain any appropriate professional advice relevant to their particular circumstances.

BOI Injunction Lifted

By Katrina Arona • February 19, 2025

The Corporate Transparency Act (CTA) which took effect on January 1, 2024 required "reporting companies" in the United States to disclose information about their beneficial owners to the Treasury Department's Financial Crimes Enforcement Network (FinCEN). In May 2024, a lawsuit was filed claiming that Congress exceeded its authority under the Constitution in passing the CTA. Background: December 3, 2024 in the Texas Top Cop Shop, Inc., et al. v. Merrick Garland, Attorney General of the United States, et al., Judge Amos Mazzant of the United States District Court (Eastern District of Texas/Sherman Division) issued a preliminary nationwide injunction barring the enforcement of the Corporate Transparency Act (CTA). December 23, 2024 the Nationwide Injunction is lifted and filing deadlines are reinstated. Financial Crimes Enforcement Network of the U.S. Department of Treasury (FinCEN) may again enforce the CTA. FinCEN has not extended any filing deadlines. Therefore, all reporting companies should file immediately any beneficial ownership information reports (BOIRs) that were already due, and reporting companies formed prior to 2024 should file their BOIRs by January 13, 2025 (extended from January 1, 2025). December 27, 2024 the federal appeals court on Thursday reinstated a nationwide injuction halting enforcement of beneficial ownership information (BOI) reporting requirements, reversing an order the same court issued earlier this week. FinCEN issued an updated alert on its BOI information page , saying that companies can voluntarily submit BOI reports. February 7, 2025 FinCEN will consider changes to the BOI reporting requirements if a court grants the government's request for a stay of a nationwide injunction in a Texas case, according to a motion filed Wednesday, February 5th. If the stay is granted, FinCEN will extend BOI filing deadlines for 30 days, the government said in its filing in Samantha Smith and Robert Means v. U.S. Department of the Treasury, No. 6:24-CV-336 (E.D. Texas 1/7/25). BOI reporting is currently voluntary, pending further legal developments. Businesses and stakeholders should stay alert for additional updates as the situation evolves. Current Status: February 18, 2025 A federal court lifted the last remaining nationwide injunction stopping BOI reporting requirements. FinCEN which enforces BOI requirements under the CTA said it would extend filing deadline for initial, updated, and/or corrected BOI reports to March 21. However, reporting companies that were previously given a deadline later than March 21 may file their initial BOI report by that later deadline. Resources for consideration: March 21 BOI reporting deadline set; further delay possible BOI Injunction Lifted FinCEN BOI Center

BOI Reporting Update

By Katrina Arona • February 12, 2025

February 7, 2025 FinCEN will consider changes to the BOI reporting requirements if a court grants the government's request for a stay of a nationwide injunction in a Texas case, according to a motion filed Wednesday, February 5th. If the stay is granted, FinCEN will extend BOI filing deadlines for 30 days, the government said in its filing in Samantha Smith and Robert Means v. U.S. Department of the Treasury, No. 6:24-CV-336 (E.D. Texas 1/7/25). BOI reporting is currently voluntary, pending further legal developments. Businesses and stakeholders should stay alert for additional updates as the situation evolves