The Internal Revenue Service, state tax agencies and the tax industry urges all employers to educate their payroll personnel about a Form W-2 phishing scam that made victims of hundreds of organizations and thousands of employees last year.
The Form W-2 scam has emerged as one of the most dangerous phishing emails in the tax community. During the last two tax seasons, cybercriminals tricked payroll personnel or people with access to payroll information into disclosing sensitive information for entire workforces. The scam affected all types of employers, from small and large businesses to public schools and universities, hospitals, tribal governments and charities.
Reports to firstname.lastname@example.org from victims and nonvictims about this scam jumped to approximately 900 in 2017, compared to slightly over 100 in 2016. Last year, more than 200 employers were victimized, which translated into hundreds of thousands of employees who had their identities compromised.
The IRS and its partners in the Security Summit effort hope to limit the success of this scam in 2018 by alerting employers immediately. The IRS can take steps to protect employees, but only if the agency is notified immediately by employers about the theft. Last year, the IRS created a new process by which employers should report these scams.
How the scam works
Best Practices for Employers
To prevent falling victim of the Form W-2 Scam, employers can:
If the business or organization victimized by these attacks notifies the IRS, the IRS can take steps to help prevent employees from being victims of tax-related identity theft.
How to notify the IRS if you are a victim
The IRS established a special email notification address specifically for employers to report Form W-2 data thefts. Here’s how Form W-2 scam victims can notify the IRS:
Include the following:
Businesses and organizations that fall victim to the scam and/or organizations that only receive a suspect email but do not fall victim to the scam should send the full email headers to email@example.com and use “W2 Scam” in the subject line.
Be aware that cybercriminals’ scams are constantly evolving. Employers should be alert to any unusual requests for employee data.
Receive Free financial tips & Tax Alerts!
These days, most businesses have some intangible assets. The tax treatment of these assets can be complex. What Makes Intangibles so Complicated? IRS regulations require the capitalization of costs to:…
An Alternate Valuation Date can Reduce Estate Tax Liability If you have money invested in the stock market, you’re well aware of potential volatility. Needless to say, this volatility can…
These days, most businesses buy or lease computer software to use in their operations. Or perhaps your business develops computer software to use in your products or services or sells…