IRS Issues Alert For W-2 Phishing Scams
Have you heard about the business email compromise (BEC) or business email spoofing (BES) scam? These scams involve phishing, where scammers pose as legitimate companies to obtain personal information in order to file fraudulent tax returns.
“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,’’ said IRS Commissioner John Koskinen.
With phishing scams, the cyber criminals’ goal is to lure employees to provide personal information, like your name, Social Security number, and birthdate– all critical requirements for submitting tax information.
Who is Targeted with W-2 Phishing Scams?
With this type of scam, any business entities or organizations in America could be a target. While scammers originally focused their effort on for-profit corporations, they are now targeting school districts, restaurants, hospitals, tribal organizations, and non-profit organizations. People in payroll, human resources, and accounting have a higher likelihood of being targeted, as they have access to employees’ personal information.
How Does The W-2 Phishing Scam Work?
- Scammers send a fake email posing as a legitimate corporate employee.
- Scammers request information about employee W-2 forms and earnings summaries from a company’s payroll or HR department.
- Some scammers even ask for a list of employees with personal information (first and last name, date of birth, Social Security number, home address, phone number, and salary).
The IRS published an official announcement about this scam to alert the public and educate them about the scam. While some companies and individuals might have been alerted in time, others may not have. If you’ve received a BEC scam email, take the following steps:
- Forward it to the IRS Phishing Division at email@example.com. The subject line should read “W2 Scam”
- File a complaint with the Internet Crime Complaint Center (IC3), operated by the Federal Bureau of Investigation
- Alert state tax agencies at StateAlert@taxadmin.org
Was this topic helpful?