NORWALK, Conn. (CBSNewYork) — Authorities want to warn the public about a scam that’s fooling employers to target people at work.
CBS2’s Lou Young spoke with the special agent in a place you never want to be: an interrogation room at IRS criminal investigation offices in Norwalk, Connecticut.
At issue is a simple looking email that’s being sent to businesses and nonprofits requesting a full list of workers receiving a W-2 this year. It’s made to look like the boss sent it from his or her cellphone.
“You get an email that purports to be from the CEO of the company, or if it’s a school district, a superintendent — a higher level person,” Treasury agent Amy Hosney said.
It’s a phishing expedition looking for employee W-2 forms, showing up at businesses and nonprofits nationwide.
A nonprofit director in White Plains said she can see how it could work.
“I think this is really very cleverly written. I can see how people would fall for it,” Millie Jasper, of the Holocaust Information Center, said.
Federal agents first detected the scam last year, but this tax filing season the activity seems accelerated, Young reported. The IRS has a criminal investigation open out of its New England office, but the victims could be anywhere.
“One business can have hundreds or thousands of employees affected,” Hosney said. “We’re the IRS, so we’re concerned about the filing of false tax returns in the victims’ names. Once they get the stolen identities, they can do a number of things.”
Meaning the full range of identity theft crimes.
The good news is most of the attempts are being intercepted, and when it comes to phony tax returns, Uncle Sam takes the loss.
“They’ll still have to work with us to file a corrected return, and if they’re due a refund, they’ll get that refund. The government takes the loss,” Hosney said.
The goverment is asking anyone who gets one of the suspicious emails to forward it to Phishing@IRS.gov so agents can begin working on a trace.
The largest case in the area came out of Groton, Connecticut’s school district. In that case, scammers were sent the personal information of 1,300 district staff members.