Recently, the IRS has been issuing warnings about an email scam, which in the past year affected hundreds of employers and tens of thousands of employees, targeting school districts’ payroll and business offices.
Scammers send a payroll or HR employee an email that appears to come from the superintendent or other administrator within the district, requesting a list of all employees and their Forms W-2.
With the scammer posing as an administrator, the payroll or HR employee then provides the requested information and the scammers use it to file fraudulent tax returns and collect the refunds, while the district may not realize a data theft has occurred for several weeks.
The IRS is urging all employers to educate their payroll and HR departments about these scams and put protocols in place for the sharing of sensitive employee information – for example, requiring verbal confirmation from the sender of the email before responding or having two people review any request for or distribution of sensitive information.
“I’ve run across a phishing scam a few times,” ASBSD CFO Matt Flett said. “I have received an e-mail from a scammer poising as our Executive Director, Wade Pogany, asking to be wired $20,000 because he’s in an emergency.”
“Even if Dr. Pogany was being held hostage and the demand was $20,000, I still wouldn’t use a wire transfer to remedy the situation.”
Flett added that it was easy to tell it was a phishing e-mail because the e-mail address was not Pogany’s.
“The scams are easy to detect if you are careful and take your time vetting the request,” Flett said.
If your organization receives a scam email or if data theft occurs, you are encouraged to report the incident to the IRS and state tax agencies.
Detailed reporting steps and additional information may be found at Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers.