Sign in

Create Account Forgot your username or password?
Explore All Topics
Tax Information Center arrow icon IRS

IRS Issues Alert For W-2 Phishing Scams

2 min read


2 min read


Have you heard about the business email compromise (BEC) or business email spoofing (BES) scam? These scams involve phishing, where scammers pose as legitimate companies to obtain personal information in order to file fraudulent tax returns.

“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,’’ said IRS Commissioner John Koskinen.

With phishing scams, the cyber criminals’ goal is to lure employees to provide personal information, like your name, Social Security number, and birthdate– all critical requirements for submitting tax information.

Who is Targeted with W-2 Phishing Scams?

With this type of scam, any business entities or organizations in America could be a target. While scammers originally focused their effort on for-profit corporations, they are now targeting school districts, restaurants, hospitals, tribal organizations, and non-profit organizations. People in payroll, human resources, and accounting have a higher likelihood of being targeted, as they have access to employees’ personal information.

“After I had already gone through the stuff with the IRS, [my company] sent out a mass email saying our W-2s were compromised. A lot of the people who work for the company had this same thing happen where they were getting their taxes rejected because someone had already filed them with their Social Security numbers… You guys really helped me out… Calmed my nerves.” – Jackie K. (2017 Tax Identity Shield Member)

 How Does The W-2 Phishing Scam Work?

  1. Scammers send a fake email posing as a legitimate corporate employee.
  2. Scammers request information about employee W-2 forms and earnings summaries from a company’s payroll or HR department.
  3. Some scammers even ask for a list of employees with personal information (first and last name, date of birth, Social Security number, home address, phone number, and salary).

Take Action

The IRS published an official announcement about this scam to alert the public and educate them about the scam. While some companies and individuals might have been alerted in time, others may not have. If you’ve received a BEC scam email, take the following steps:

  • Forward it to the IRS Phishing Division at phishing@irs.gov. The subject line should read “W2 Scam”
  • File a complaint with the Internet Crime Complaint Center (IC3), operated by the Federal Bureau of Investigation
  • Alert state tax agencies at StateAlert@taxadmin.org

If you believe you might be a victim of a phishing scam, you should consider learning more about Tax Identity Shield® from H&R Block. (If you are already a member, sign in here.)

Was this topic helpful?

Related topics

Tax brackets and rates

A new job or extra income can change your tax bracket. We can help you learn more about filing changes.

Tax reform

Find information on tax reform and how it affects you.

Forms

Which tax forms do you need? Don’t guess – get answers from H&R Block today.

Tax fraud

Learn how to protect yourself and your money from falling victim to tax fraud.

Recommended articles

Audits and tax notices

Top IRS audit triggers: 8 tax mistakes to avoid

Tax brackets and rates

What are the current tax rates?

Forms

The Complete Guide to the W-2 Form

No one offers more ways to get tax help than H&R Block.

File with a tax pro
File online