The IRS is warning against a major W-2 scam targeting employers and businesses

Image: MGN Online

MONTGOMERY, Ala. — The IRS and the State of Alabama Department of Revenue are warning businesses and employers of what they say is a growing W-2 scam that is threatening sensitive tax information. They expect the scam will continue for the 2018 tax season and are reminding companies to be aware and vigilant.

According to the Alabama Department of Revenue, the scam has become one of the most dangerous and successful phishing attacks. In the past year, tens of thousands of employees had their W-2 forms stolen. Large and small business, tribal governments, charities, and hospitals were all targeted successfully.

November 27 to December 1 has been named “National Security Awareness Week” by the IRS and the Security Summit partners which include state tax agencies and the tax community. Today the focus is on this particular scam in order to keep employers aware of the risk for tax-related identity theft.”

Emails can begin with a simple, “Hey are you in today?” according to the Alabama Department of Revenue. They are seemingly harmless but can end up giving cybercriminals access to all of an organization’s employee W-2 forms.

The Security Summit Partners warn that cybercriminals need access to extra and more accurate information in order to file a fraudulent return since the partners have increasingly stopped stolen identity refund fraud.  The departments that are most at risk are human resources and payroll.

The Alabama Department of Revenue details how these attacks usually happen: The scam typically begins with an email to one employee with payroll access. The criminal requests a list of all employees and their W-2 forms with a subject line similar to “review” or “request.” The payroll official may believe they are responding to an executive and it can take weeks for someone to realize the data breach has happened. Criminals will oftentimes file the returns within a day or two of the theft.

The IRS has established a protocol to quickly report these types of schemes. Below are some key steps from the list:

  • Email dataloss@irs.gov to notify the IRS of a W-2 data loss and provide contact information. In the subject line,
    type “W2 Data Loss” so that the email can be routed properly. Do not attach any employee personally identifiable
    information data.
  • Email the Federation of Tax Administrators at StateAlert@taxadmin.org to get information on how to report
    victim information to the states.
  • Businesses/payroll service providers should file a complaint with the FBI’s Internet Crime Complaint Center
    (IC3.gov). Businesses/payroll service providers may be asked to file a report with their local law enforcement
    agency.
  • Notify employees so they may take steps to protect themselves from identity theft. The Federal Trade
    Commission’s http://www.identitytheft.gov provides guidance on general steps employees should take.
  • Forward the scam email to phishing@irs.gov.