Federal reminder about W2 tax scams
With the federal tax deadline coming up, the IRS and U.S. Department of Education want schools to watch out for scams regarding taxes.
Far from just affecting individuals, schools face greatly increased threats of business email compromise, phishing, and phone scam calls. More than half of U.S. organizations experienced a successful phishing attack of one type or another in 2021. Tax season is one of the most active times for social engineers and cyber-criminals. Schools should be extra cautious during this time to spot potential attacks before they result in a data breach. Here are some tips to help your organization reduce the risk of W2 scams and other tax fraud scams:
- Good Cyber Hygiene: Train staff to verify email addresses, not just look at the name that is displayed. Never click on links or open attachments that seem out of place or come from untrusted sources… when in doubt, report to your IT security team for help.
- Verify Requests for Employee Data: Create a system for validating the authenticity of requests for sensitive information by side-channel verification by calling the requester or using specific predetermined PIN codes known only to the parties involved to validate the request is legitimate.
- Be Ready: In addition to annual awareness training, publicize ways employees can contact IT security help, report suspicious activity and suspected incidents, and have a well thought out Incident Response Plan and process ready to react if an event were to occur.
- Report: If your organization is the victim of a breach involving tax information, notify the IRS at dataloss@irs.gov and provide the relevant information, as described on their Form W-2/SSN Data Theft page.
If you have questions about these best practices, require technical assistance, or wish to report an incident, consider contacting the U.S. Department of Education’s Privacy Technical Assistance Center (PTAC) at PrivacyTA@ed.gov or by phone at 1-855-249-3072. You can also access a wide variety of resources on the topic of privacy and data security at their Student Privacy website.
Need more information or have questions? Please contact STARSHelp@state.sd.us.