W-2 formsAquarena Springs in San Marcos, Texas, was famous in its heyday, part of which just happened to coincide with my youth, as a wonderful water park. No visit to relatives in nearby San Antonio was complete until we headed to Aquarena to ride in a glass-bottom boat, marvel at the mermaids and cheer Ralph the swimming pig as he made his famous swine dive.
The park is gone, replaced by a water research program under the auspices of Texas State University, or Southwest Texas State as it was known when I was a kid. I’m delighted that the school was able to integrate the boats that let you peer down at the fishy inhabitants of the clear spring-fed lake into its scientific mission.
So it’s perversely fitting that 803 San Marcos residents — the human, not gill-breathing ones — were caught in a tax phishing scam.
W-2 tax scam nets new victims: The confidential personal and financial information of current and former City of San Marcos employees was compromised on March 13 when a municipal payroll employee sent the data in response to what appeared to be request from the mayor.
In this scam, which has been around for a year or so, tax identity thieves pose as company, or in this case local government, big wigs and send official looking fake messages under that guise. The message from the purported boss asks that the human resources or payroll staffer send back all the firm’s (city’s) employee data, including the latest W-2 forms.
These tax documents, which contain the workers’ addresses and, most importantly, their Social Security numbers, is then used by the cyber crooks to file fake federal returns seeking fraudulent tax refunds.
The San Marcos scam was discovered after some of the unknowingly victimized city employees reported that their efforts to file their taxes was rejected by the Internal Revenue Service. The reason? The IRS told them they had already filed their 1040s.
Filing season resurgence: The IRS issued a warning just as the 2017 tax filing season began about the resurgence of this fake CEO phishing scheme. In that alert, the agency noted that the W-2 seeking scam, which was initially aimed at the corporate sector, had spread to other large institutional targets, such as school districts, tribal organizations and nonprofits.
Last May, the National Basketball Association’s Milwaukee Bucks team fell victim to the tax document scam. Yes, the tax data of professional basketball players was stolen.
More recently and closer to San Marcos, crooks posing as the superintendent of the Belton, Texas, school district obtained W-2 forms for around 1,700 of the system’s employee.
And in November 2016, the El Paso Times reported that officials of that Texas-Mexico border city sent $3.2 million intended for a city project contractor to fraudulent bank accounts after being duped in a phishing scam.
Given that the W-2 phishing scheme is still out there and apparently still succeeding, be extra careful this filing season. If you get what appears to be a questionable or unusual email from your boss, don’t do anything until you check with her or him in person.
The extra scam prevention care — not just during tax filing season, but year round — could save you, your boss and your coworkers a lot of identity theft and tax fraud grief.
You also might find these items of interest:
- Watch out for the Dirty Dozen tax scams of 2017
- March arrives not as lion or lamb, but as a fish phish
- Phishing criminals pose as potential tax clients to infiltrate tax preparers’ systems and steal data