Recently the Internal Revenue Service (IRS) and other agencies issued an alert on a W-2 phishing scam. The original target was for profit businesses. Now nonprofits are being targeted as well. The criminals prefer to target organizations instead of individuals, because they may obtain sensitive information on a much larger scale.
The alert states that cybercriminals disguise an e-mail to appear to be from an organization executive to an employee in human resources or the payroll department. The false e-mail requests a list of all employees and their Form W-2’s.
Organizations may want to consider encouraging verbal confirmation by phone or in person of requests for sensitive information instead of relying solely on e-mail. Also, there should be policies on keeping sensitive information in electronic format encrypted, especially if being sent in an e-mail.
The full scam alert issued by the IRS is available here.
If you have questions or would like additional information, please contact one of RubinBrown’s Not-For-Profit Services Group professionals.
Any federal tax advice contained in this communication (including any attachments): (i) is intended for your use only; (ii) is based on the accuracy and completeness of the facts you have provided us; and (iii) may not be relied upon to avoid penalties.
All Not-For-Profit News Not-For-Profit Overview