Staff members, in both instances, reportedly received fraudulent emails from an address similar to that of their chief supervisor. The emails, typically sent to human resource and payroll divisions, request wage information and Form W-2s for all employees.
Any recipient who replies to the email and sends the information as requested, unknowingly turns over that data to the perpetrator, who then uses the Form W-2s to file false tax returns.
“Tax season is upon us, and scammers are ready to pounce,” Morrisey said in a press release. “Everyone must be careful and closely examine any request for employees’ Form W-2. Check, double and triple check any such email to make sure it’s legitimate.”
The Attorney General’s Consumer Protection Division learned of two data breaches in southern West Virginia. The impact has been limited to those employed by the entities, and both report having taken steps to notify those affected.
Media reports indicate similar instances across the nation. The Internal Revenue Service reports the scam targets schools, restaurants, hospitals, tribal groups and nonprofits.
Anyone receiving a tax-related email must closely examine the email address.
Oftentimes, the fraudulent email will include a slight variation from the legitimate address.
Recipients also are urged to contact their supervisor by phone or in-person to verify the request.
Beyond those tips, recipients should never hit reply if there is the slightest bit of concern.
Anyone who believes they have received such an email or believes their information to have been compromised is asked to contact the Attorney General’s Consumer Protection Division at 1-800-368-8808 or visit the office online at www.wvago.gov.