It’s been a busy tax season for scammers bent on exploiting small businesses. Phishing campaigns that mention Employer Identification Numbers (EINs), tech support, and more are trying to lure you and your precious data to them.
MalwareBytes has alerted small businesses about a scam that is seemingly offering help in applying for an IRS EIN/Federal tax ID number. The scam targets self-employed or small business owners who have not applied for an EIN before. The victims are directed to a form that asks for sensitive information, including Social Security Numbers (SSN).
“And if that wasn’t serious enough, the scammers have the audacity to charge you for the tax ID number, even though applying for an Employer Identification Number (EIN) is a free service offered by the Internal Revenue Service (IRS),” writes MalwareByte’s Pieter Arntz.
The IRS recently announced that small businesses and tax professionals continue to be targets of Form W-2 scams “where identity thieves try to trick company leaders into sharing sensitive data.” Scammers suggest their targets falsely report significant income and withholding figures as well as the employer it’s coming from, instructing them to file the bogus tax return electronically in hopes of getting a substantial refund. Similar schemes involve credits for sick and family leave. More details from the IRS here.
Another W-2-related scam involves impersonating a high-ranking company executive to email payroll employees, asking for a list of employees and their W-2s.
“They use email spoofing and social engineering techniques to prime the conditions for the victim to make a critical mistake. Most scams come from a personal email address like Gmail and include a subject line like “tax help” or ‘W2 request.’ If the victim complies, the hacker can sell the stolen W-2 on the black market or use it for identity theft,” explains Adrien Gendre, Chief Tech and Product Officer at Vade Secure. The company detected a more than 130% increase in such attacks between December 2023 and January 2024.
The IRS published new tips to help small businesses avoid these and other tax scams. They include watching out for red flags like grammatical oddities and suspicious requests. It’s also vital to follow best practices regarding cybersecurity and educate employees about potential threats. Finally, pay attention to unexpected communication from the IRS, which could include a rejection notice for a return you filed or notices about a tax return or Forms W-2 that you didn’t file. Follow this link for the complete list of suggestions from the IRS, and feel free to contact us with questions.