The IRS, state tax agencies and the tax industry issued an urgent alert to employers that an email scam involving Form W-2 content is spreading. Scammers are attempting to steal employee W-2 information by targeting payroll or human resource departments.
Here’s how the scam works: Cybercriminals use various spoofing techniques to disguise an email to make it appear as if it is from an organization executive. The email is sent to an employee in the payroll or human resources departments, requesting a list of all employees and their Forms W-2. This scam is sometimes referred to as business email compromise (BEC) or business email spoofing (BES).
“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns,’’ said IRS Commissioner John Koskinen.
The latest twist to this scam is a follow-up email where a cybercriminal, disguised again as a company executive, requests a payroll clerk or comptroller to complete a wire transfer. Some companies have been hit with both these scams so they appear to be connected.
Employers are encouraged to create an internal policy on the distribution of employee W-2 information and wire transfers.
Steps Employers Can Take If They See the W-2 Scam
Organizations receiving a W-2 scam email should forward it to
phishing@irs.gov and place “W2 Scam” in the subject line. Organizations that receive the scams or fall victim to them should file a complaint with the Internet Crime Complaint Center (IC3), operated by the Federal Bureau of Investigation.
Employees whose forms W-2 have been stolen should review the recommended actions by the Federal Trade Commission at
www.identitytheft.gov or the IRS at
www.irs.gov/identitytheft.