W-2 Phishing Scam Becoming More Dangerous, IRS Says

Feb 3rd 2017
Share this content

The IRS, state tax agencies, and the tax industry issued an urgent alert on Feb. 2 to warn that the widely known W-2 phishing scam affecting corporations has now expanded to target school districts, tribal casinos, chain restaurants, temporary staffing agencies, healthcare facilities, and shipping and freight companies.

The cybercrooks also are combining the theft of employee W-2s with an older scam involving wire transfers, which is victimizing some organizations twice, according to the alert.

“This is one of the most dangerous email phishing scams we’ve seen in a long time,” IRS Commissioner John Koskinen said in a prepared statement. “It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme.”

The IRS and its Security Summit partners flagged the reappearance of the scheme in late January. But the new alert warns of an uptick in occurrences, the alert states.

It works like this: Cybercriminals use what’s called “spoofing” emails that appear to be sent by an organization’s executive. The email goes to the payroll or human resources departments and asks for a list of all employees and their W-2 forms.

As for the wire transfers, the crooks also send an email impersonating the executive that asks the payroll department or comptroller to make a wire transfer to a particular account.

Although not tax-related, the wire transfer scam is being sent with the bogus W-2 email. So, as a result, some companies have lost employees’ W-2s and thousands of dollars due to the wire transfers, the alert states.

Security Summit partners are urging employers to create an internal policy about distributing employee W-2s and conducting wire transfers.

Organizations that get a W-2 scam email should send it to [email protected] with “W2 Scam” in the subject field. Scam victims should file a complaint with the FBI’s Internet Crime Complaint Center.

Employees whose W-2s have been stolen should follow the recommendations of the Federal Trade Commission or the IRS.

Employees should file a Form 14039, Identity Theft Affidavit, if their tax return is rejected because of a duplicate Social Security number or if instructed to do so by the IRS.

Related article:

IRS Warns of New W-2-Related Phishing Scheme