The Internal Revenue Service, state tax agencies and the tax industry urges all employers to educate their payroll personnel about a Form W-2 phishing scam that made victims of hundreds of organizations and thousands of employees last year.
The Form W-2 scam has emerged as one of the most dangerous phishing emails in the tax community. During the last two tax seasons, cybercriminals tricked payroll personnel or people with access to payroll information into disclosing sensitive information for entire workforces. The scam affected all types of employers, from small and large businesses to public schools and universities, hospitals, tribal governments and charities.
Reports to firstname.lastname@example.org from victims and nonvictims about this scam jumped to approximately 900 in 2017, compared to slightly over 100 in 2016. Last year, more than 200 employers were victimized, which translated into hundreds of thousands of employees who had their identities compromised.
The IRS and its partners in the Security Summit effort hope to limit the success of this scam in 2018 by alerting employers immediately. The IRS can take steps to protect employees, but only if the agency is notified immediately by employers about the theft. Last year, the IRS created a new process by which employers should report these scams.
How the scam works
Best Practices for Employers
To prevent falling victim of the Form W-2 Scam, employers can:
If the business or organization victimized by these attacks notifies the IRS, the IRS can take steps to help prevent employees from being victims of tax-related identity theft.
How to notify the IRS if you are a victim
The IRS established a special email notification address specifically for employers to report Form W-2 data thefts. Here’s how Form W-2 scam victims can notify the IRS:
Include the following:
Businesses and organizations that fall victim to the scam and/or organizations that only receive a suspect email but do not fall victim to the scam should send the full email headers to email@example.com and use “W2 Scam” in the subject line.
Be aware that cybercriminals’ scams are constantly evolving. Employers should be alert to any unusual requests for employee data.
Receive Free financial tips & Tax Alerts!
"*" indicates required fields
If you’re starting a business with some partners and wondering what type of entity to form, an S corporation may be the most suitable form of business for your new venture….
The new lease accounting methods have been an important topic for businesses over the last few years. Determining if an enforceable lease exists is an integral part of Topic 842…
Here are some of the key tax-related deadlines that apply to businesses and other employers during the second quarter of 2023. Keep in mind that this list isn’t all-inclusive, so…