“Current technology allows us to handle most legal matters without the need for in person contact. Mockensturm, Ltd. remains open for business during the COVID-19 national emergency and we encourage you to contact us to discuss how we can help you during these difficult times.”

Tax Issues?

Put An Experienced Attorney
And CPA On Your Side

Protect your business and employees against a W-2 phishing scam

| Feb 22, 2017 | Uncategorized |

Most businesses do their due diligence in warning employees about sharing confidential information, such as W-2s, with outside sources you don’t recognize. But what if an email appears to have come from inside your organization?

Cybercriminals are getting more sophisticated with their techniques. As a result, fake websites appear legitimate, and emails can appear to come from a company executive when they do not. The latter is currently in widespread use through a dangerous W-2 scam.

Earlier this month, the IRS issued an urgent alert to employers regarding these W-2 email phishing scams. This scam first appeared last year, targeting mostly corporations. It is back even earlier in this tax season and extends beyond corporations to nonprofits, school districts, hospitals and other organizations. 

“This is one of the most dangerous email phishing scams we’ve seen in a long time,” said IRS Commissioner John Koskinen. 

The scammers are using various spoofing techniques to disguise emails, making them appear to be from executives at the targeted organizations. They send the email to employees in the payroll or human resources departments, requesting a list of all employees and their W-2 forms. Unsuspecting employees comply with this request, allowing for a large-scale theft of sensitive employee tax data.

This type of scam is referred to as business email compromise (BEC) or business email spoofing (BES). The IRS encourages businesses to share information about this scam with their employees. They also suggest implementing a secure method for transfer of W-2 information, if one doesn’t exist in your organization already.

Businesses that fall victim to the W-2 scam should report it to the IRS’s Internet Crime Complaint Center. Their secure website is https://www.ic3.gov.

FindLaw Network