The IRS is warning district officials: Be wary of phishing scams targeting tax forms and other sensitive employee data. Over two dozen school districts have fallen victim to these attacks in recent months, the IRS says.
CoSN and ASBO International were among the agencies that received alerts from the IRS, asking them to warn members to be aware.
IRS Commissioner John Koskinen said in a recent statement that the attacks were among “the most dangerous email phishing scams we’ve seen in a long time” in that they can result in “large-scale theft of sensitive data” that criminals can use to commit crimes, including filing fraudulent tax returns.
The phishers are not just targeting schools, but also hospitals and restaurants, says John Musso, executive director of ASBO International. “Normally, the IRS doesn’t get in the middle of something like this unless it’s widespread” Musso says.
The scam is simple: A district employee, often in the payroll or human resources department, receives an email from what looks like a central office administrator, asking for employees’ W2 forms and personal or financial information. But the email comes from a bogus account created by a criminal looking to misuse the data.
How to avoid getting scammed
Inspect the email address of the sender carefully to see if there’s a small misspelling or just one letter off in the domain name. And if the email asks for an “urgent” response or claims “this is your last chance” be wary.
If in doubt, check with your own IT department or the person who allegedly sent the email to verify if it’s an authentic request, says Marie Bjerede, principal of mobile learning and infrastructure at CoSN. Report any suspicious activity to your IT department, she suggests.
Musso cautions that cybercriminals constantly change, and often enhance, their techniques for stealing data. “The important piece to remember in all of this is that these individuals are getting smarter Á¶ and the information they are going after is at a higher level” in terms of sensitive information, he says.
Report phishing scams to the IRS and learn more information at the Anti-Phishing Working Group.
Angela Pascopella is managing editor.