The IRS, state tax agencies and the tax industry urge all employers to educate their payroll personnel about a Form W-2 phishing scam that affected hundreds of organizations and thousands of employees last year, according to www.irs.gov.
The Form W-2 scam has become one of the most dangerous phishing emails in the tax community. During the past two tax seasons, cybercriminals tricked payroll personnel or people with access to payroll information into disclosing sensitive information for entire workforces. The scam affected all types of employers—from small and large businesses to public schools and universities, among others.
Reports to firstname.lastname@example.org from victims and nonvictims about this scam jumped to about 900 in 2017 compared with slightly more than 100 in 2016. Last year, more than 200 employers were victimized and hundreds of thousands of employees had their identities compromised.
By alerting employers now, the IRS and its partners in the Security Summit effort hope to limit the success of this scam in 2018. In 2017, the IRS also created a new process by which employers should report these scams. There are steps the IRS can take to protect employees but only if the agency is notified immediately by employers about the theft.
The IRS offers information about how the phishing scam works and the steps you can take if your business or organization is victimized by these attacks. For more information, click here.