Published February 14, 2017
The Internal Revenue Service (IRS) has issued a warning about a phishing scheme in which scam artists are requesting W-2 information from payroll and human resources employees by representing themselves as university presidents.
There is an uptick in phishing messages during tax season, when cybercriminals use confusion over tax forms to deceive people into sharing sensitive personal data. Now some of these scam artists are focusing their attacks on payroll and human resource professionals, using phishing emails that look something like this:
[Finance Person’s First Name]
Kindly send me the list of W-2 copy of all employees wage and tax statements for 2016 for a quick review. I need them in PDF file type. You can send it as an attachment.
[President’s First and Last Name]
If you receive a request to email W-2 Forms or other payroll data to someone who appears to be UB President Satish Tripathi, do not respond. Instead follow these steps and alert your supervisor immediately.
Employees should be wary of any email requesting payroll data, Social Security numbers or other personally identifiable information. Criminals use this stolen information to engage in identity theft and tax refund fraud.
Phishing emails might also ask for information related to filing status, refunds, ordering transcripts, confirming personal information, and verifying PIN information.
No matter who the sender appears to be, you should always consult your supervisor to confirm the legitimacy of a request for sensitive, work-related information—and remember that email is almost never secure, and should rarely be used to transmit this kind of information.
It’s important to keep in mind that the theft of your UBITName and password could put your social security number at risk.
“If you are a student and someone has your UBITName and password, they can log into your HUB account and see your social security number in clear text,” explains Senior Information Security Analyst Dr. Catherine J. Ullman. “If you’re a faculty or staff member and you set up NYS Payroll Online, your UBITName and password can give someone access to your W2 form.”
That’s why it’s more important than ever to keep your UBITName password secure.