New phishing schemes emerged at the end of 2018, and this one specifically targets payroll and human resources professionals.
According to the IRS, investigators are seeing more advanced scams aimed at professionals who have access to personal and financial information within their companies. They even have specific names for these: business email compromise (BEC) or business email spoofing (BES).
Both involve emails. The criminals may pose as a business asking the recipient to pay a fake invoice, or as an employee asking payroll to re-route a direct deposit. They may also pretend to be a trusted individual asking to initiate a wire transfer.
Criminals may use the email credentials from a successful phishing attack, to send phishing emails to all of the victim’s email contacts.
The IRS warned of the direct deposit variation of the BEC/BES scam in December 2018.
How to Report
These phishing schemes should immediately be reported to the Internet Crime Complaint Center (IC3). Any scams that involve IRS information or an organization closely linked to the IRS, such as the Electronic Federal Tax Payment System (EFTPS), should go to firstname.lastname@example.org.
To learn more, visit the Report Phishing and Online Scams page on IRS.gov.