The IRS Online Fraud Detection & Prevention Center (OFDP), which monitors for IRS-related phishing attacks, said it has detected an increase in compromised emails, starting in January 2017. It says cybercriminals are aiming for mass data theft in addition to targeting individual taxpayers.
Their most common tactic is impersonating an executive with a compromised email, which is sent to a human resource professional within the same business to request W-2 information. OFDP officials say this is one of several new variations of phishing campaigns targeting W-2 data, an sign of criminals' growing interest in sensitive tax information.
Businesses are urged to limit the number of employees who handle wire transfers, adopt multifactor authentication to verify requests for W-2 information, and use verbal confirmation for data change requests. Those hit with these attacks should report data loss to the IRS, state tax agencies, and the FBI's Internet Crime Complaint Center. Suspected phishing emails should also be reported to the IRS.
Read more details here.