CHARLOTTE, NC (FOX 46 WJZY) - Charlotte is a "prime area" for cyber criminals to take aim during tax season, according to the IRS Acting Special Agent in Charge of Criminal Investigations in Charlotte Matthew Line.
"Nobody is exempt from this," said Line. "Charlotte itself is a large financial hub. A lot of businesses. It'll be a prime area for these cyber criminals to target."
Line sat down with FOX 46 investigative reporter Matt Grant. He says he's not surprised the Charlotte Housing Authority fell victim to a phishing scam back in January - because it's happening more and more. Hackers sent CHA employees an email, pretending to be their CEO, asking for W-2's. More than 340 were turned over containing names, addresses and Social Security numbers.
It's a scam so common, the IRS has a name for it: the Business Email Compromise. There is also a warning on the IRS website.
"Do you think it speaks to the need for more cyber security training across the board?," asked reporter Matt Grant.
"Absolutely," said Line.
There were around 900 complaints of hackers targeting businesses in identity theft phishing scams last year, according to Line. That is up from 100 the year before, he says, adding the hackers are usually sophisticated and organized.
"A lot of these are initiated from overseas," said Line. "They will send these out and try to exploit any weakness they can with any business."
Crooks sell the lucrative stolen Social Security numbers on the black market or use them to file fraudulent tax returns and get refunds from the IRS. That happened to at least one former CHA employee and will likely occur with others.
"It makes it that much harder for us to identify," said Line. "Because they're using a real person, real address, real Social Security number and your actual wages and withholdings from where you work. So it does look legitimate on the front end."
Line says the IRS is often made aware when a taxpayer goes to file a return but was told a refund already went out. The IRS can work with that individual to prevent future fraud by giving them a special PIN number for future returns as an extra layer of security.
In the case of the CHA employees, the IRS was made aware of the hack and was given Social Security numbers of employees who were affected. That allowed the IRS to flag those returns and look for anything suspicious.
But how often are the crooks arrested? If the crooks give the IRS bank account information and addresses to collect a refund, can agents use that to find them?
"We work very closely with our federal, state and local law enforcement partners to investigate and to evaluate each potential case that comes in," said Line. "We have had successes. We will continue to identify these people and go after the most egregious cases that we can."
"We can't investigate everyone," he admits. "So awareness is very important."
There are a variety of scams targeting taxpayers that pick up steam around tax season. The Business Email Compromise has been around for several years.
Line says it's important to be suspicious of emails asking for W-2's or other sensitive financial information - even if the request looks like it's coming from your boss.
"People need to be aware," said Line. "If something doesn't look right ask a question. Always verify."
Additional resources from the IRS: