Beware of dangerous W-2 phishing scam
Posted On: 2-10-2017 | Posted By: WK Staff
The IRS has issued an alert regarding another phishing scam targeting employees’ Form W-2 data that has spread beyond the corporate world to other sectors including school districts, restaurants, hospitals, and other nonprofit employers. The scam is sometimes referred to as business email compromise (BEC) or business email spoofing (BES).
The scam involves cyber-criminals posing as a top-level corporate executive and sending emails to the human resources or payroll departments. The emails will most likely ask for copies of the Form W-2 and earnings summary of all employees or an updated list of employees with their personal details including Social Security Number, home address, and salary.
It is important that if you receive an e-mail like this, double-check the physical e-mail address where the message came from. The phishing attempt will pose as a top corporate executive with the email appearing to originate from legitimate email addresses of organizational executives, but email replies will go to the accounts of the cyber-criminals. It might be safest to double-check with the executive prior to responding to the email in order to determine the legitimacy of the email request.
The scam began during last year’s tax season, only targeting for-profit companies; however, scammers now seem to be targeting not-for-profits as well. This scam can be very detrimental; if information is obtained, scammers can file fraudulent tax returns and obtain significantly large tax refunds using others’ information, creating a very difficult situation for the impacted employees when they actually file their returns.