IRS Warns Businesses of W-2 Phishing Scams

The Internal Revenue Service (IRS) has issued a pressing warning this tax season to businesses across the country urging all to be on the lookout for W-2 phishing scams. While previously scammers were targeting for-profit businesses, initially seen last year, they’ve now increased their spread by going after school districts and non-profit organizations.

Whereas phishing scams are usually spotted easily through attention to detail, for example easy to spot spelling or grammar mistakes in a supposedly professional email, the W-2 phishing scams are proving to be more well-thought-out and harder to recognize.

This tax season scammers are sending carefully crafted emails pretending to be the CEO or other high level staff of a company requesting information regarding employee W-2 forms from payroll or human resource departments. Most often the emails request earnings summaries and W-2s for all employees or an updated list of employees with their personal information attached, including social security numbers.

These emails look so authentic that numerous businesses across all industries have fallen victim to the scam. Employees send the information under the impression they are doing the right thing. Once the scammers have tricked an employee, they use the information to file fraudulent tax returns and obtain phony tax refunds.

“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,” said John Koskinen, IRS Commissioner.

If you receive an email from your CEO or boss requesting personal employee information or W-2 forms via email – proceed with extreme caution. Be sure to call your boss or speak with them in person to confirm that the email you received is in fact a legitimate request.

Would you like to learn more about keeping your organization safe from these cyberattacks?

Phishing Guide - Don't Take the Bait

Contact us using the form below to get expert answers on how to create a solid cybersecurity plan.