Skip to Main Content

IRS Warns Restaurants About A Dangerous W-2 Phishing Scam

Wednesday, February 8, 2017
Print

The Internal Revenue Service, state tax agencies and the tax industry issued an alert today to employers that a Form W-2 email phishing scam has evolved beyond the corporate world. 

The W-2 scam is just one of several new variations that have appeared in the past year that focus on the large-scale thefts of sensitive tax information from tax preparers, businesses and payroll companies. Individual taxpayers also can be targets of phishing scams, but cyber criminals seem to have evolved their tactics to focus on mass data thefts.

According to the IRS Commissioner John Koskinen, “This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme’’.

How the W-2 Phishing Scam Works

Cyber criminals use various spoofing techniques to disguise an email to make it appear as if it is from an organization executive. The email is sent to an employee in the payroll or human resources departments, requesting a list of all employees and their Forms W-2.  This scam is sometimes referred to as business email compromise (BEC) or business email spoofing (BES).

New More Dangerous Twist

In the latest twist, the cyber criminal follows up with an “executive” email to the payroll or comptroller and asks that a wire transfer also be made to a certain account. Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars due to wire transfers.

The IRS, states and tax industry urge all employers to share information with their payroll, finance and human resources employees about this W-2 and wire transfer scam. Employers should consider creating an internal policy, if one is lacking, on the distribution of employee W-2 information and conducting wire transfers.

Action Steps for Employers

Organizations receiving a W-2 scam email should forward it to phishing@irs.gov and place “W2 Scam” in the subject line. Organizations that receive the scams or fall victim to them should file a complaint with the Internet Crime Complaint Center (IC3,) operated by the Federal Bureau of Investigation.

Employees whose Forms W-2 have been stolen should review the recommended actions by the Federal Trade Commission at www.identitytheft.gov or the IRS at www.irs.gov/identitytheft. Employees should file a Form 14039, Identity Theft Affidavit, if the employee’s own tax return gets rejected because of a duplicate Social Security number or if instructed to do so by the IRS. 

RECOMMENDATIONS

•         Create an internal policy on the distribution of employee W-2 information and conducting wire transfers.

•         Carefully review any communications you receive that request a list of all employees and their Forms W-2

•         If your organization receives a W-2 scam email should forward it to phishing@irs.gov and place “W2 Scam”

Material posted on this website is for informational purposes only and does not constitute a legal opinion or medical advice. Contact your legal representative or medical professional for information specific to your legal or medical needs.

Get Started

Let Your Aspirations Set the Agenda

Grow with who you know. Reach out to us today and start the conversation, so you’re better protected and prepared for what comes next.

Talk to an Advisor

man looking left