IRS warns that tax season brings security risks
While cybersecurity should be a year-round concern for small business owners, income tax filing season can bring some particular risks, according to the IRS.
The agency says it has gotten an increase in reports of attempts to obtain employees' W-2 forms in hopes of stealing people's personal information and identities. The scams often go after employees in companies' human resources and payroll departments, but any staffer or manager could be a target. In the scam, a potential thief poses as a company executive, sending an email from an address that might look legitimate, and requests a list of employees and their W-2s.
Forms shouldn't be sent without checking
Owners need to be sure that anyone with access to employee records including W-2s understands that they shouldn't send the forms or staffer information to anyone without checking to be sure this isn't an attempted scam. The IRS also wants companies to report W-2 scam emails to the agency, and it also wants to know if anyone has become a victim. For more information, visit the IRS website, www.irs.gov , and search for "Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers."
The IRS also warns all taxpayers about emails that look like they're coming from the agency but that are phishing attempts aimed at getting harmful software into a PC or a server. The emails might say that the taxpayer has a refund waiting at the IRS, or that the agency needs more information from the taxpayer. There's likely to be a link or an attachment that the reader of the email is supposed to click on and that's how thieves and hackers gain entry to a computer.
The IRS does not initiate contact with taxpayers by email, text messages or social media; it sends letters by U.S. mail. Company owners and their employees need to be on guard against all kinds of phishing scams, and no one should ever click on a link or attachment until they're completely sure the email is legitimate. And if an email says it's from the IRS, it's not.