The Division of Local Government Services would like to make you aware of cybercriminal activities that we have become aware of in New York State. Please pass this on to pertinent departmental professionals and community/business leaders in your area. This email contains information on particular scams and how to report your concerns if you feel you have been targeted.
Scammers Renew Scheme Targeting Payroll and HR Professionals
Cybercriminals posing as company executives are emailing payroll and HR professionals to request lists of employees and their personal information. This time, the scammers are expanding their reach to other industries, including school districts, tribal organizations, and nonprofits.
These emails may appear legitimate because they contain the name of the company’s chief executive officer. However, if you receive such an email, don’t include any payroll data, such as W-2 forms and Social Security numbers, in a response.
The Tax Department is aware of at least 37 businesses with New York employees that have fallen for this scam and believes more than 5,000 Social Security numbers may have been compromised. The Tax Department is in contact with those businesses and is working with them to protect their employees.
If you’re an employer that has been a victim of this scam and, in response, released any payroll data, such as W-2 information and Social Security numbers, see Guidance for employers affected by a W-2 phishing scam for instructions.
Spear-Phishing Scheme Targeting Practitioners
This scheme is present throughout the tax practitioner community. It’s committed by scammers who represent themselves as Fastsupport.com or Onlyforsupport.com. They’re contacting practitioners after they’ve identified which IRS-authorized e-file provider, or Electronic Return Originator, the practitioner uses to transmit returns.
The caller, falsely claiming to work on behalf of the ERO, suggests the need to reinstall or correct problems with the practitioner’s software. The caller asks the practitioner to connect to their website and provide the passcode and access to the practitioner's computer. If the practitioner complies, the scam artist can steal sensitive client information to commit fraud.
An ERO is an e-file provider authorized by the IRS to submit tax returns for processing.
Cybercriminals Pose as Clients to Solicit Services from Tax Professionals
In a nationwide phishing scheme, scammers are targeting tax professionals to obtain their preparer information and prepare fraudulent returns. These scammers typically send tax professionals two emails: in the first, a “client” requests tax preparation assistance; in the second, scammers provide a link or attach a PDF that contains a link that allows them to steal the tax preparer’s email address and password.
If you receive a suspicious email, such as one from an unknown sender, don’t select any links or open any attachments contained in the email. This is the scammer’s entry into your computer, exposing you to malware. This could allow the cybercriminal to capture sensitive information without you even knowing that you’ve been compromised.
Phishing Email with the Subject Line “Mails on Hold!” Targets Tax Professionals
Some tax professionals have received emails that appear to be from the IRS or the IRS e-Services team with the subject line “Mails on Hold!” These emails may include references to IRS personnel or PTINs, but they aren’t from the IRS.
If you receive an email with this subject line, don’t select any links or open any attachments contained in these emails. Again, this could provide access into your computer, exposing you to malware and leaving private information vulnerable.
Protecting Yourself and Your Clients
Tax professionals must protect their clients’ personal information by only providing it to trusted sources such as the IRS and the NYS Tax Department. This includes shredding documents containing private data before discarding, and filing a client’s tax return early to reduce the timeframe an identity thief would have to claim a fraudulent tax refund using their information.
The NYS Tax Department and the IRS will never make threats over the phone and will never request personal or financial information by email.
If you’ve been contacted by a scammer posing as an IRS agent, you must contact the IRS. Learn how to report the incident here.
If you’ve been contacted by a con artist claiming to be from the New York State Tax Department, visit the Tax Department’s Report fraud, scams, and identity theft webpage to learn how to report it. The Tax Department promptly reviews each complaint and takes corrective action when appropriate.