The Internal Revenue Service, state tax agencies and the tax industry urges all employers to educate their payroll personnel about a Form W-2 phishing scam that made victims of hundreds of organizations and thousands of employees last year.
The Form W-2 scam has emerged as one of the most dangerous phishing emails in the tax community. During the last two tax seasons, cybercriminals tricked payroll personnel or people with access to payroll information into disclosing sensitive information for entire workforces. The scam affected all types of employers, from small and large businesses to public schools and universities, hospitals, tribal governments and charities.
Reports to phishing@irs.gov from victims and nonvictims about this scam jumped to approximately 900 in 2017, compared to slightly over 100 in 2016. Last year, more than 200 employers were victimized, which translated into hundreds of thousands of employees who had their identities compromised.
The IRS and its partners in the Security Summit effort hope to limit the success of this scam in 2018 by alerting employers immediately. The IRS can take steps to protect employees, but only if the agency is notified immediately by employers about the theft. Last year, the IRS created a new process by which employers should report these scams.
How the scam works
Best Practices for Employers
To prevent falling victim of the Form W-2 Scam, employers can:
If the business or organization victimized by these attacks notifies the IRS, the IRS can take steps to help prevent employees from being victims of tax-related identity theft.
How to notify the IRS if you are a victim
The IRS established a special email notification address specifically for employers to report Form W-2 data thefts. Here’s how Form W-2 scam victims can notify the IRS:
Include the following:
Businesses and organizations that fall victim to the scam and/or organizations that only receive a suspect email but do not fall victim to the scam should send the full email headers to phishing@irs.gov and use “W2 Scam” in the subject line.
Be aware that cybercriminals’ scams are constantly evolving. Employers should be alert to any unusual requests for employee data.
Receive Free financial tips & Tax Alerts!
"*" indicates required fields
With Labor Day in the rearview mirror, it’s time to take proactive steps that may help lower your small business’s taxes for this year and next. The strategy of deferring…
Do you own your principal residence? If so, you’re likely aware that you can benefit from the home’s build-up in equity, realize current tax breaks and pocket a sizable tax-exempt…
Every business needs a budget, but not every budget looks the same. Some companies have intricately detailed ones, others rely on simple templates generated with off-the shelf software, and still…