FBI warns of fast-growing W-2 email scam
Native American governments and nonprofits were victimized by these scams during this year’s tax filing season, resulting in the theft of several hundred thousand employees’ data. That’s up from 50 in 2016, when the scam first appeared.
Thieves perpetrate the scams by sending emails that appear to come from executives inside the targeted organizations. The emails ask payroll or human resources departments for a list of all employees and their W-2 forms. Some emails also ask companies to transfer money.
Companies should be on alert for anyone asking for W-2 forms or wire transfers.
The IRS has an email notification address for businesses and organizations to report W-2 thefts: dataloss@irs.gov. Be sure to include “W-2 scam” in the subject line.
Businesses and organizations that receive a suspicious email but haven’t been victimized should forward it to phishing@irs.gov, also with “W-2 scam” in the subject line. Anyone victimized should also contact the FBI’s Internet Crime Complaint Center through its website, ic3.gov.
The IRS also has suggestions for avoiding being victimized:
If you get a suspicious email, pick up the phone and call the person who purportedly sent it, using a phone number you can verify as theirs, not one that might be in the email. Confirm that this person has made the request.
Make sure that any employees with access to W-2s or other sensitive information are aware of these scams. Make sure they know the warning signs of phishing scams, including incorrect email addresses.
Invest in software that will flag suspicious emails.