Payroll Personnel, Beware of W-2 Scam

The IRS has urged employers to notify their payroll department of a W-2 phishing scam that affected hundreds of organizations—and hundreds of thousands of their employees—last year. Targets of the scam include small and large businesses, public schools, universities and charities. The IRS hopes to prevent the scam by educating employers and, for those affected by the scam, by providing measures to mitigate its success.

In the scam, cybercriminals research the organization and identify persons of authority (e.g., the Chief Operating Officer in a business). They then use a technique known as business email spoofing to impersonate that individual in email correspondence. In many cases, the perpetrator will begin with a seemingly innocent email, asking if the employee is working today. Thereafter, they will request Form W-2 information for all employees and, if that is received, ask for a wire transfer. The cybercriminal will use the W-2 information to file fraudulent tax returns or place it for sale on the Dark Net.

In addition to educating employers to prevent the scam, the IRS urges businesses to have effective controls in place around the release of private information. For example, businesses should limit the number of employees who can respond to W-2 requests and, when such a request is made, require additional verification from the requestor (such as a telephone call) before sending the W-2.

Unfortunately, many employers do not realize they are victims of the scam until days, weeks or months after it is effectuated. By this time, damage may have occurred. For this reason, employers should timely notify the IRS upon learning they are victims of the scam. Specifically, employers should:

  1. Email “[email protected]”;
  2. In the subject line, type “W2 Data Loss”; and
  3. Include in the email: (a) the business name and employer identification number; (b) a contact name and phone number; and (c) a summary of how the data loss occurred and the number of affected employees.

Likewise, victims, or attempted victims, of the scam should send the full email header to “[email protected]” with “W2 Scam” in the subject line.  

This is merely one of the many cybersecurity threats employers face. The nature and complexity of these attacks continues to evolve, becoming increasingly more difficult to detect. If you have questions about effective cybersecurity, do not hesitate to contact our office. 

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2021 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Three New Cybersecurity Bills Pass the House
CARES Act, Tax BY Austin Nace
Disappointing News for Employers: Employee Retention Credit Ends Before Fourth Quarter of 2021
Welcome News for the Trucking Industry - Clarification of 100% Meals and Entertainment Deduction for Per Diems
What Are The Most Common Passwords of 2021?
Build Back Better Tax Legislation Update – International Tax Changes
IRS Joins Forces to Combat Fraud Against Charitable Organizations
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.