NEW YORK – While cybersecurity should be a year-round concern for small business owners, income tax filing season can bring some particular risks, according to the IRS.
The agency says it has gotten an increase in reports of attempts to obtain employees’ W-2 forms in hopes of stealing people’s personal information and identities. The scams often go after employees in companies’ human resources and payroll departments, but any staffer or manager could be a target.
In the scam, a thief poses as a company executive, sending an email from an address that might look legitimate, and requests a list of employees and their W-2s.
Owners need to be sure that anyone with access to employee records, including W-2s, understands that they shouldn’t send the forms or staffer information to anyone without checking to be sure this isn’t an attempted scam.
For more information, visit www.irs.gov, and search for “Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers.”
The IRS also warns all taxpayers about emails that look like they’re coming from the agency but that are phishing attempts aimed at getting harmful software into a PC or a server.
The emails might say that the taxpayer has a refund or that the agency needs more information. There’s likely to be a link or an attachment that the reader of the email is supposed to click on – and that’s how thieves and hackers gain entry to a computer.
The IRS does not initiate contact with taxpayers by email, text messages or social media; it sends letters by U.S. mail. Company owners and their employees need to be on guard against all kinds of phishing scams, and no one should ever click on a link or attachment until they’re completely sure the email is legitimate. And if an email says it’s from the IRS, it’s not.
Accountants and other tax professionals are also targets of thieves looking to steal personal information and identities, the IRS says. It has a page on its website devoted to providing paid tax preparers with information so they can protect themselves and their clients. The address is http://bit.ly/2Dn6oLd.