The Internal Revenue Service (IRS) has issued two warnings about phishing scams that started in 2016 and are continuing into 2017. The first alert, issued on 1/25/17 and directed primarily at corporations and tax professionals, provided information about the Form W-2 scam. The second alert, issued on 2/2/17, states that the scheme is not limited to corporations and tax professionals but is spreading to other sectors, including municipalities, school districts, tribal organizations, and nonprofits. The IRS states that “this is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns.”
The IRS’s first alert describes how this scam works. Cybercriminals send an email to trick HR professionals and payroll representatives into disclosing information such as employee names, Social Security numbers, and income data. The emails are typically “spoofing” emails that contain the actual name of one of the organization’s officers and request the information; for example, an email that appears to come from the “CEO” or another official. The IRS alert includes three examples of text that may be included in the email.
- Kindly send me the individual 2016 W-2 (pdf) and earnings summary of all W-2s of our company for a quick review.
- Can you send me the updated list of employees with full details (name, Social Security number, date of birth, home address, and salary)?
- I want you to send me the list of W-2 copy of employees wage and tax statements for 2016. I need them in pdf file type, you can send it as an attachment. Kindly prepare the list and email to me asap.
The IRS’s second alert warns that the cybercriminal may follow up with an “executive” email to HR professionals or payroll representatives asking that a wire transfer be made to a certain account. Unfortunately, some employers have lost both employees’ W-2 information and thousands of dollars due to wire transfers.
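The request patterns in the two alerts (an officer's name on the message, a request for W-2 or payroll data, a follow-up wire transfer request) can be turned into a mail-triage check. The Python below is an added example, not part of the IRS alerts or this article; the organization domain, officer name, Reply-To comparison, and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (hypothetical, not from the IRS alerts): org domain, officer names.
ORG_DOMAIN = "acme.example"
OFFICERS = {"pat morgan"}  # executive display names, lowercased
# Keywords for the two request types the alerts describe.
DATA_PATTERNS = [r"\bw-?2s?\b", r"social security", r"date of birth",
                 r"earnings summary", r"wage and tax statement"]
WIRE_PATTERNS = [r"wire transfer"]

def _domain(header_value):
    """Domain part of the address in a From/Reply-To header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def assess(raw_message):
    """Return sorted reasons a message needs out-of-band verification."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    body = msg.get_payload()
    if not isinstance(body, str):  # multipart: this example checks Subject only
        body = ""
    text = (msg.get("Subject", "") + "\n" + body).lower()
    reasons = set()
    claims_officer = display.strip().lower() in OFFICERS
    if claims_officer and _domain(msg.get("From")) != ORG_DOMAIN:
        reasons.add("officer-name-external-sender")
    reply_to = msg.get("Reply-To")
    if claims_officer and reply_to and _domain(reply_to) != ORG_DOMAIN:
        reasons.add("officer-name-external-reply-to")
    if any(re.search(p, text) for p in DATA_PATTERNS):
        reasons.add("requests-payroll-data")
    if any(re.search(p, text) for p in WIRE_PATTERNS):
        reasons.add("requests-wire-transfer")
    return sorted(reasons)

# Constructed sample messages (not real mail).
SAMPLE_W2 = ("From: Pat Morgan <pat.morgan@acme.example>\n"
             "Reply-To: pat.morgan@mail-acme.test\n"
             "Subject: Quick review\n\n"
             "Kindly send me the individual 2016 W-2 (pdf) and earnings "
             "summary of all W-2s of our company for a quick review.\n")
SAMPLE_WIRE = ('From: "Pat Morgan" <ceo@freemail.test>\n'
               "Subject: Payment today\n\n"
               "Please make a wire transfer of $9,500 to the account below.\n")
SAMPLE_BENIGN = ("From: Lee Chan <lee.chan@acme.example>\n"
                 "Subject: Lunch\n\nAre you free at noon?\n")
```

A non-empty result is a prompt to confirm the request with the named officer through a separate channel before sending data or money, not a verdict on the message.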
Employers should take action immediately to notify HR professionals and payroll representatives, as well as others who have access to this type of information, to be on the lookout for emails requesting employees’ sensitive payroll and personal information. Employers who don’t have a written policy for handling these situations may want to create one and circulate it immediately to those affected.
Employers who receive one of the phishing emails should forward the email to the IRS at firstname.lastname@example.org and place W-2 Scam in the subject line. Employers who are victims of such scams should file a complaint with the Internet Crime Complaint Center operated by the Federal Bureau of Investigation (FBI).
For additional information on W-2 phishing scams, contact us at www.newfocushr.com.
Written by: Kristen Deutsch, M.B.A., CCP