Beware of the New Form W-2 Email Phishing Scam

By: Tamara Pow , Esq.

On February 2 nd , 2017, the Internal Revenue Service, state tax agencies, and the tax industry sent out an urgent alert to all employers regarding a recent spike in cases of the Form W-2 email phishing scam that is now spreading beyond the corporate world, affecting school districts, nonprofit organizations, tribal casinos and organizations, chain restaurants, temporary staffing agencies, healthcare, and numerous other sectors.

In addition to this recent, dangerously updated scam, the W-2 scammers are combining their scheme to steal employee W-2 information with an older scheme on wire transfers that is attacking some organizations more than once.

“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,” said IRS Commissioner John Koskinen.

The Form W-2 phishing scam works through cyber criminals using various spoofing techniques to disguise an email to appear as if it is from an organization executive or corporate officer, using their name. This email is sent to an employee in the Payroll or Human Resources departments, requesting a list of all employees and their Forms W-2. The details within these emails may look like this:

  • Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review
  • Can you send me the updated list of employees with full details (Name, SSN, Date of Birth, Home Address, Salary)
  • I want you to send me the list of W-2 copy of employees wage and tax statement for 2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap

In the latest twist, cyber criminals are following up with emails from an “executive” to the payroll or comptroller asking that a wire transfer also be made to a certain account. As a result, some companies have lost both employees’ W-2 information and thousands of dollars due to wire transfers. Various businesses that had received this specific version of email phishing scam last year, when it first appeared, are reportedly receiving it again this year.

Employers should immediately report W-2 thefts to the IRS. This will allow the IRS to take steps to help protect employees from tax- related identity theft. The Security Summit, a partnering of federal and state tax agencies, have enacted numerous safeguards in 2016 and 2017 to identify fraudulent returns filed through scams. As the Security Summit partners make progress, cyber criminals need more data to mimic real tax returns.

Company payroll officials should confirm in person any executive-level requests or generally unusual requests for lists of Forms W-2 or Social Security numbers. Organizations that have received a W-2 scam should forward it to both phishing@irs.gov and state tax agencies at StateAlert@taxadmin.org . Companies that have received or fallen victim should file a complaint with the Internet Crime Complaint Center (IC3), which is operated by the FBI. We urge all employers to share information with their Payroll, Finance, and Human Resources employees about this W-2 scam and wire transfer scam. Employers should have an internal policy, regarding the distribution of employee W-2 information and conducting wire transfers.

Employees whose Forms W-2 have been stolen should review recommended actions by the Federal Trade Commission at www.identitytheft.gov or the IRS at www.irs.gov/identitytheft . Employees should file a Form 14039, Identity Theft Affidavit, if their tax return is rejected due to a duplicate social security number or if instructed to do so by the IRS.

The Security Summit, a partnering of Federal and state tax agencies supports a national taxpayer awareness campaign called “Taxes.Security.Together.” and a national tax professional awareness effort called “Protect Your Clients: Protect Yourself.” Both offer simple tips that can help make data more secure. Employees, employers, and individual taxpayers and tax professionals may also check out:

  • IRS Security Awareness Tax Tips
  • Publication 4524, Security Awareness for Taxpayers
  • Publication 4557, Safeguarding Taxpayer Data
  • The Security Summits’ Fact Sheet 2016-21
  • The Social Security Administration

SEND US A MESSAGE