Tax season is almost done, but identity thieves are taking advantage of the remaining time to steal as much money and information as they can. Tax return fraud already has the IRS delaying taxpayer's legitimate tax refunds by weeks.
However, we're also seeing a rash of tax-related phishing attacks at major companies. In these attacks, the hackers pretend to be a company executive and just ask the accounting department for W-2s for all employees. You'd hope that wouldn't work, but it does.
Earlier this month we told you that Seagate Technologies turned over thousands of W-2s for past and current employees to scammers. However, it wasn't the first or the last.
All of the employees, 3,000 of them, of Tidewater Community College in Norfolk, Virginia, had their identities compromised after a school employee shared financial information with a scammer posing as a school administrator. That information included "Social Security numbers, 2015 earnings, withholding and deduction information."
It didn't include "address, date of birth, spouse information, banking information or email addresses." Still, the information the hackers got is just about everything they need to file fraudulent tax returns and steal the employee's refunds. The school says that 16 employees have already had this happen.
In addition to Seagate and Tidewater, Sprouts Farmers Market, which is based in Phoenix, had a similar breach in March. The payroll team compromised the 2015 W-2 information for 21,000 employees in response to an email they thought was from a senior executive. Learn how to keep this from happening at your company.