Overview
The IRS has issued an alert warning of a Form W-2 phishing scam that has spread beyond the corporate world and is now affecting a number of organizations, including nonprofits.
In the scam, cybercriminals disguise an email to make it appear to be from an organization executive. The email is sent to an employee in the payroll or human resources department, requesting a list of all employees and their Forms W-2. The cybercriminals may then use the stolen Forms W-2 to file fraudulent tax returns or for identity theft. The scam is also sometimes coupled with a request to make a wire transfer to a specified account, and some organizations have lost both their employees’ W-2 information and thousands of dollars.
The IRS reports that there has been an upswing in reports of the scam in recent days.
The IRS urges all employers to share information with their payroll, finance, and human resources employees about the scam. The IRS also recommends that employers consider creating an internal policy, if one is lacking, on the distribution of employee W-2 information and conducting wire transfers.
The alert includes steps that employers can take if they see, or fall victim to, the scam. Organizations receiving a W-2 scam email should forward it to phishing@irs.gov and place “W2 Scam” in the subject line. Organizations that receive the scams or fall victim to them should file a complaint with the Internet Crime Complaint Center (IC3), operated by the Federal Bureau of Investigation. Affected employers should also alert state tax agencies by notifying StateAlert@taxadmin.org. When employers report W-2 thefts immediately to the IRS, the agency can take steps to help protect employees from tax-related identity theft.