
Scammers are phishing for tax refunds

At least a dozen companies have recently been tricked into sending employees’ W-2 Forms to unknown third parties in response to email requests that appeared to be from others within the corporate network. The immediate goal of the scammers is apparently to file fraudulent tax returns in the name of the victims and seek large refunds. W-2s contain almost all the information they need.

Tax refund fraud is a growth business. The FTC has indicated that it is largely responsible for last year’s dramatic increase (nearly 50%) in complaints of consumer identity fraud. Scammers seeking fraudulent tax refunds even stole sensitive data of about 330,000 people from the IRS’s own website.

For corporate security professionals now accustomed to dealing with wire transfer fraud, tax refund scams incorporate a disturbing new twist. In wire transfer scams, recipients of the scamming email are asked to send money by clicking on an embedded link — two behaviors (sending significant amounts of money to a third party, and clicking on an embedded link) that seem relatively easy to change through training. In tax refund scams, recipients are asked to send internal corporate documents to an apparent colleague within the corporate network. Such requests are common and do not necessarily trigger caution. We may be approaching the time when employees are required to confirm by independent methods (not via “Reply”) all requests for sensitive data.

The compromise of Social Security numbers is considered particularly dangerous to the victims. Social Security numbers have an intimate lifelong link to particular individuals and are used in sensitive matters such as financial transactions and healthcare. Many companies hit by tax refund scams are offering at least two years of credit monitoring or identity theft protection to the affected individuals. While this may be helpful, it has been noted (see Brian Krebs’ excellent Krebs on Security blog) that such services do not protect against tax refund fraud. It is also noteworthy that most cyber insurance policies offer only one year of credit monitoring or identity theft protection. Nefariously savvy scammers often “sit” on especially valuable stolen data such as SSNs for more than the one-year period covered by such policies. Companies may want to consider discussing with their insurers the option to offer lengthier protection if Social Security numbers are compromised. Arthur J. Gallagher & Co. has a variety of resources on our website to help start the conversation with your broker.


About the Author

John Doernberg is an Area Vice President at Gallagher working in the cyber liability practice. He works with inside and outside counsel as a Claims Advocate for Gallagher clients on policy negotiation and the handling and settlement of claims. He is also a resource on privacy, information security and risk management issues. Prior to becoming an insurance broker in 1995, he practiced corporate law in New York and Boston for 12 years.

617.646.0336 | John_Doernberg@ajg.com | Connect with John via LinkedIn
