The Internal Revenue Service, state tax agencies and the tax industry urges all employers to educate their payroll personnel about a Form W-2 phishing scam that made victims of hundreds of organizations and thousands of employees last year.
The Form W-2 scam has emerged as one of the most dangerous phishing emails in the tax community. During the last two tax seasons, cybercriminals tricked payroll personnel or people with access to payroll information into disclosing sensitive information for entire workforces. The scam affected all types of employers, from small and large businesses to public schools and universities, hospitals, tribal governments and charities.
Reports to firstname.lastname@example.org from victims and nonvictims about this scam jumped to approximately 900 in 2017, compared to slightly over 100 in 2016. Last year, more than 200 employers were victimized, which translated into hundreds of thousands of employees who had their identities compromised.
The IRS and its partners in the Security Summit effort hope to limit the success of this scam in 2018 by alerting employers immediately. The IRS can take steps to protect employees, but only if the agency is notified immediately by employers about the theft. Last year, the IRS created a new process by which employers should report these scams.
How the scam works
Best Practices for Employers
To prevent falling victim of the Form W-2 Scam, employers can:
If the business or organization victimized by these attacks notifies the IRS, the IRS can take steps to help prevent employees from being victims of tax-related identity theft.
How to notify the IRS if you are a victim
The IRS established a special email notification address specifically for employers to report Form W-2 data thefts. Here’s how Form W-2 scam victims can notify the IRS:
Include the following:
Businesses and organizations that fall victim to the scam and/or organizations that only receive a suspect email but do not fall victim to the scam should send the full email headers to email@example.com and use “W2 Scam” in the subject line.
Be aware that cybercriminals’ scams are constantly evolving. Employers should be alert to any unusual requests for employee data.
Receive Free financial tips & Tax Alerts!
Here are some of the key tax-related deadlines affecting businesses and other employers during the third quarter of 2022. Keep in mind that this list isn’t all-inclusive, so there may…
Creating a budget is a crucial task for any business. It helps owners, executives, and managers estimate revenues and expenses, set goals, and closely monitor costs throughout the year. Of…
Unless you specialize in tax law, you’re probably not an accounting expert, but understanding accounting basics can help lawyers ensure their legal practice complies with ethics rules and accounting regulations….