The Internal Revenue Service recently issued a warning to employers about a W-2 Form email phishing scam. Spreading across all industry sectors, including school districts, tribal organizations and even nonprofit organizations, this scheme focuses on the large-scale theft of sensitive tax information.
Cybercriminals use spoofing techniques to disguise an email and make it appear as if it is coming from a top executive within an organization – often the CEO. The email is sent to an employee in the payroll or human resources departments of the company, requesting a list of all employees and their W-2 Forms. This type of scam is also referred to as Business Email Compromise, or BEC (highlighted in a post back in January of 2016).
In an additional twist, this scam has also been coupled with follow-up requests, from the same executive, requesting a wire transfer to an outside account. When both tactics have been combined, some companies have lost both employee W-2s and thousands of dollars to unauthorized wire transfers.
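One way a mail team could screen for the pattern described above, shown as an added example that is not from the IRS advisory or the original post. The organization domain, the executive name, the keyword patterns and the three sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"   # assumption: the organization's own mail domain
EXECUTIVES = {"pat doe"}     # assumption: display names of executives (constructed)
W2_RE = re.compile(r"\bw-?2s?\b", re.I)
WIRE_RE = re.compile(r"\bwire\s+transfers?\b", re.I)

def domain_of(header_value):
    """Return the lowercased domain of the address in a From/Reply-To header."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def bec_flags(raw):
    """Return the reasons a raw message resembles the W-2 / wire-transfer scam."""
    msg = message_from_string(raw)
    name = parseaddr(msg.get("From", ""))[0].strip().lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    flags = []
    if name in EXECUTIVES:
        # Executive's name on the message, but the mail is not from our domain.
        if domain_of(msg.get("From")) != ORG_DOMAIN:
            flags.append("executive-name-external-sender")
        # Replies would leave the organization even though From looks internal.
        reply_to = msg.get("Reply-To")
        if reply_to and domain_of(reply_to) != ORG_DOMAIN:
            flags.append("executive-name-external-reply-to")
    if W2_RE.search(text):
        flags.append("w2-request")
    if WIRE_RE.search(text):
        flags.append("wire-transfer-request")
    return flags

# Constructed sample messages (not real traffic).
SPOOFED = ("From: Pat Doe <pat.doe@example.net>\nTo: payroll@example.com\n"
           "Subject: Urgent request\n\n"
           "Please send me the list of all employees and their W-2 forms today.\n")
FOLLOWUP = ("From: Pat Doe <pat.doe@example.com>\nReply-To: pat.doe@example.net\n"
            "To: payroll@example.com\nSubject: Re: Urgent request\n\n"
            "I also need a wire transfer sent to an outside account.\n")
LEGIT = ("From: Pat Doe <pat.doe@example.com>\nTo: payroll@example.com\n"
         "Subject: Team lunch\n\nLunch is on Friday.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("followup", FOLLOWUP), ("legit", LEGIT)):
        print(label, bec_flags(raw))
```

A flagged message is a candidate for holding until the request is confirmed with the executive through a separate channel. A message that forges the organization's own domain in both From and Reply-To is not caught by these checks; that case depends on SPF, DKIM and DMARC enforcement at the mail gateway.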
The IRS is requesting that organizations that receive a W-2 scam email forward it to firstname.lastname@example.org, placing “W2 Scam” in the subject line. In addition, organizations that receive the scams or fall victim to them should file a complaint with the Internet Crime Complaint Center (IC3), operated by the Federal Bureau of Investigation.
Employees whose Forms W-2 have been stolen should review the recommended actions by the Federal Trade Commission at identitytheft.gov or the IRS at irs.gov/identitytheft. They should also file a Form 14039, Identity Theft Affidavit, if the employee’s own tax return is rejected because of a duplicate Social Security number or if instructed to do so by the IRS.
Internal Revenue Service, "Dangerous W-2 Phishing Scam Evolving; Targeting Schools, Restaurants, Hospitals, Tribal Groups and Others" — IR-2017-20, Feb. 2, 2017