IRS Alerts Taxpayers Against Common W-2 Phishing Scam


As we have discussed in numerous alerts in the past, extreme care must be taken to ensure that our personal identities are protected. For those individuals who have access to personal information of employees (i.e. responsible parties or agents), there continues to be an increased risk that at some point, someone with very bad intentions will attempt to steal private information from you or others in your organization. The scammers are getting better: just this past week, numerous businesses in the Pittsburgh region were hacked, and in several situations confidential information was provided to fraudsters.

This is not a new problem, and the IRS continuously issues alerts addressing the situation and reminding taxpayers to be diligent in their protection of employee-related information.

Earlier this week, in Advance Release IR-2018-8, the IRS alerted tax professionals, employers, and other taxpayers about a common W-2 phishing scam used at this time of year.

Typically, with a W-2 phishing scam, fraudsters trick payroll personnel into providing employees’ Forms W-2 by posing as a high-ranking executive of the company. Oftentimes, fraudsters attach a time-sensitive component to the request, urging payroll employees to provide the information as soon as possible. This false urgency can prompt payroll personnel to provide W-2 information without fully evaluating the validity of the request. The fraudsters research a targeted company to identify individuals in positions of authority at the organization. Next, the fraudsters use a technique known as “business email compromise” (BEC) or “business email spoofing” (BES) to pose as an executive by creating a slightly different imposter email address, which they use to request copies of all Forms W-2. The fraudsters then use the employees’ Social Security Numbers, addresses, income, and withholding information to file false tax returns or sell the information on the Dark Net. The IRS received reports that in several cases, the fraudsters immediately requested a wire transfer of funds after the workforce information was acquired.

The IRS notes that this was one of the most damaging and successful techniques used by fraudsters last year, with hundreds of employers and thousands of employees impacted by these schemes. The IRS also noted that no one particular type of organization was impacted more than others. Small and large businesses, public schools, universities, and charities all fell victim to this phishing scam last year. This phishing technique is particularly damaging because in many cases payroll staff are tricked into disclosing sensitive information for the company’s entire workforce. In 2016, roughly 100 reports were submitted to the IRS, as compared to over 900 in 2017. Approximately 200 employers were victimized in 2016, which translates into hundreds of thousands of employees who had their identities compromised. Due to the increasing threat of this type of fraud, the IRS has issued a special reporting process to help the Service identify and prevent Form W-2 fraud.

When these types of fraud are reported early, the IRS can take measures to prevent tax-related identity theft and so alleviate the impact on employees whose personal information has been compromised. The Service has created an email address specifically for employers to report Form W-2 data thefts. If there is a concern that confidential Form W-2 information has been compromised, the employer should take the following steps:

  1. Email to notify the IRS of a Form W-2 data loss and provide contact information, as listed below.
  2. In the subject line, type “W2 Data Loss” so that the email can be routed properly. Do not attach any employee personally identifiable information data.
  3. Include the following:
    1. Business name
    2. Business employer identification number (EIN) associated with the data loss
    3. Contact name
    4. Contact phone number
    5. Summary of how the data loss occurred
    6. Volume of employees impacted

Businesses and organizations that only receive a suspect email but do not fall victim to the scam should send the full email to and use “W2 Scam” in the subject line.

In addition to the reporting process offered by the IRS, the Service recommends education and changes to payroll and human resource policies to limit companies’ exposure to these types of fraud. Employers should educate their payroll personnel on the techniques used by fraudsters so that payroll staff can effectively evaluate if an email is a legitimate request from a company executive. Also, companies should implement policies that limit the number of employees who have authority to handle workforce Forms W-2 and require additional verification to validate the executive’s identity (i.e. password protection, etc.) before such information is emailed.

Employers should be aware that cyber criminals’ scams constantly evolve. Finance and payroll personnel should be alert to any unusual requests for employee data.
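The screening idea behind the advice above, as an added example that is not from the IRS release or the original post: a mail filter that holds W-2 requests whose sender uses a near-miss of the company domain or an executive's display name on an outside address. The company domain, executive names, keyword lists and sample message are constructed assumptions.

```python
import re
from email.utils import parseaddr

# Constructed values for illustration; replace with your organization's own.
COMPANY_DOMAIN = "examplecorp.com"
EXECUTIVES = {"jane doe", "sam lee"}
W2_TERMS = re.compile(r"\bw-?2s?\b|wage and tax statement", re.I)
URGENCY = re.compile(r"\b(urgent|asap|immediately|right away|today)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def screen(from_header, subject, body):
    """Return the reasons a message deserves out-of-band verification."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    text = f"{subject}\n{body}"
    reasons = []
    if domain != COMPANY_DOMAIN:
        if 0 < edit_distance(domain, COMPANY_DOMAIN) <= 2:
            reasons.append("lookalike-domain")
        if name.strip().lower() in EXECUTIVES:
            reasons.append("executive-name-external-address")
    if W2_TERMS.search(text):
        reasons.append("w2-request")
        if URGENCY.search(text):
            reasons.append("urgency")
    return reasons

def should_hold(reasons):
    # Hold when a W-2 request arrives together with any sender anomaly.
    anomalies = {"lookalike-domain", "executive-name-external-address"}
    return "w2-request" in reasons and bool(anomalies & set(reasons))

# Constructed sample message: note the digit "1" in place of "l" in the domain.
SAMPLE = ("Jane Doe <jane.doe@examp1ecorp.com>", "Need W-2s today",
          "Please send all employee W-2 forms ASAP.")
if __name__ == "__main__":
    print(screen(*SAMPLE), should_hold(screen(*SAMPLE)))
```

A request that arrives from the genuine company domain passes this filter, so the verification step recommended above still applies before any Forms W-2 are emailed.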

If you or your employees suspect that you have fallen victim to W-2 fraud, please contact Robert Grossman or Donald Johnston at 412-338-9300 and they can assist you in the process to report the theft to the IRS.
