21 Feb IRS Warning – W-2 Scam
Scam Targets Taxpayers’ Personal Information
The Internal Revenue Service (IRS) has renewed its warning about an email scam that uses a corporate officer’s name to request employee Forms W-2 (and other sensitive employee information) from company payroll or human resources departments.
The W-2 scam first appeared last year. Cybercriminals tricked payroll and human resources officials into disclosing employee names, Social Security Numbers (SSNs), and income information. The thieves then attempted to file fraudulent tax returns.
The IRS already has received new notifications that the email scam is making its way across the nation for a second time. The IRS urges company payroll officials to double check any executive-level or unusual requests for lists of Forms W-2 or SSNs.
This phishing variation is known as a “spoofing” e-mail. It will contain, for example, the actual name of the company chief executive officer (CEO). In this variation, the “CEO” sends an email to a company payroll office or human resources employee and requests a list of employees and information, including SSNs.
The following are some of the details that may be contained in the emails:
- Kindly send me the individual 2016 W-2s (PDFs) and earnings summary of all W-2s of our company staff for a quick review.
- Can you send me the updated list of employees with full details (names, SSNs, dates of birth, home addresses, and salaries)?
- I want you to send me the lists of W-2 copies of employees’ wage and tax statements for 2016. I need them in PDF file type—you can send them as attachments. Kindly prepare the lists and email them to me ASAP.
The IRS, state tax agencies, and the tax industry are engaged in public awareness campaigns (for both taxpayersand tax professionals) to encourage businesses to do more to protect personal, financial, and tax data. IRSPublication 4524 features additional steps you can take to protect your business.