If you tend to ignore your work inbox because your email is already mounting, you may want to take a closer look to see if you’re getting scammed.
The Internal Revenue Service announced last week a new scam that might be in your email inbox.
“The scammer poses as an internal executive requesting employee Forms W-2 and Social Security Number information from company payroll or human resources departments,” the IRS says. “They may even send an initial ‘Hi, are you in today’ message before the request.”
The good news is that the IRS already has protocols in place to keep you safe, even if you’ve gotten this email already. “If notified in time, the IRS can take steps to prevent employees from being victimized by identity thieves filing fraudulent returns in their names,” the IRS says.
If you want to see if you’ve gotten this new email scam, look for the signs.
“Cybercriminals use various spoofing techniques to disguise an email to make it appear as if it is from an organization executive,” the IRS says. “The email is sent to an employee in the payroll or human resources departments, requesting a list of all employees and their Forms W-2. This scam is sometimes referred to as business email compromise (BEC) or business email spoofing (BES).”
If you’re reporting your data loss to the IRS, remember that the government agency doesn’t initiate contact with taxpayers via email, text, or social media, but they will respond to contact from you. If you reach out to firstname.lastname@example.org with all the necessary information, they’ll get back to you in a reasonable amount of time. But keep in mind that anyone that reaches out to you first that claims they are from the IRS, it’s probably a scam.
What you should do if your information has been stolen
Before a compromise even starts, look to creating an action plan that outlines what you’ll do in case of a cybersecurity attack.
If you’ve already experienced an attack, contact your state Attorneys General as well as the Federation of Tax Administrators at StateAlert@taxadmin.org. Also reach out to online security experts and your insurance company, the IRS says.
The IRS also suggests reaching out to the Federal Trade Commission, ID theft protection agencies, the major credit bureaus, and any clients you have to alert them of the breach with the notion that they might be affected as well.