W-2 email scams are a common phishing threat, especially now when W-2s are being distributed. To steal these sensitive W-2 forms, cybercriminals send a phishing email posing as a company executive and request that employee W-2s be emailed back. Employees should be trained to always verify the request with the individual requesting the W-2s in person or over the phone (using known contact information).
The W-2 scam first appeared last year. Cybercriminals tricked payroll and human resource officials into disclosing employee names, SSNs and income information. The thieves then attempted to file fraudulent tax returns for tax refunds.
This phishing variation is known as a “spoofing” e-mail. It will contain, for example, the actual name of the company chief executive officer. In this variation, the “CEO” sends an email to a company payroll office or human resource employee and requests a list of employees and information including SSNs.
The following are some of the details that may be contained in the emails:
- Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
- Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
- I want you to send me the list of W-2 copy of employees wage and tax statement for 2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.
Working together in the Security Summit, the IRS, states and tax industry have made progress in their fight against tax-related identity theft, cybercriminals are using more sophisticated tactics to try to steal even more data that will allow them to impersonate taxpayers.
Alerting your employees, particularly those in HR or accounting, of this W-2 scam may prevent a data breach of your employees’ sensitive information.
Also Read: Four Things Every Homeowner Should Do
Article from IRS Website