IRS Warns Of Increase In W-2 Theft Scams

Image courtesy of frankieleon

Tax time might still be months away, but that doesn’t mean you shouldn’t be on the lookout for possible scams: The Internal Revenue Service and FBI are warning consumers and businesses about an email scam targeting employee W-2 forms after seeing a 150% increase in incidents last year. 

According to the IRS, during the 2017 tax season, 200 businesses, public schools, universes, tribal governments, and nonprofits became victims of the W-2 scam, an increase from 50 such cases in 2016.

The Scheme

The W-2 Scam — known as a business email compromise  — works similarly to the equally as dangerous CEO Scam.

For instance, both schemes begin when a ne’er-do-well spoofs or impersonates a company or organization executive’s email address and sends a message to human resources or payroll employees.

In the W-2 scam, the message attempts to trick the employee into transferring a list of all employees and their W-2 forms. The IRS notes that after the scammer gets their hands on the employees’ W-2 forms, they immediately file fraudulent tax returns.

With the CEO scam, the email often asks the targeted worker to either transfer funds or provide personal information on employees; this can occasionally include W-2 or other tax forms.

“These are incredibly tricky schemes that can be devastating to a tax professional or business,” IRS Commissioner John Koskinen said in a warning. “Cybercriminals target people with access to sensitive information, and they cleverly disguise their effort through an official-looking email request.”

Preventing Fraud

Businesses can take several steps to ensure their employees do not fall victim to the W-2 scam.

According to the IRS, employees should always confirm requests for W-2 forms, wire transfers, or the transmission of any sensitive personal information verbally. They should only use contact numbers that were previously established, not phone numbers listed on the possibly fraudulent email, the IRS notes.

Businesses should also work with IT professionals to create intrusion detection systems and create email rules that flag potentially dangerous messages.

What To Do If You’re Affected

Any business or organization that believes it has been targeted or fallen victim to the W-2 scam should immediately contact the IRS and file a complaint with the FBI.

By doing so, the IRS says it can take steps to prevent employees from being victims of tax-related identity theft.

Additionally, the IRS has created an email notification address specifically for businesses and organizations to report W-2 thefts: dataloss@irs.gov. Companies should include “W-2 Scam” in the subject line and information about a point of contact in the body of the message.

Businesses and organizations that receive a suspect email but do not fall victim to the scam can forward it to the IRS at phishing@irs.gov, again with “W-2 scam” in the subject line.

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.