Payroll Personnel, Beware of W-2 Scam

The IRS has urged employers to notify their payroll department of a W-2 phishing scam that affected hundreds of organizations—and hundreds of thousands of their employees—last year. Targets of the scam include small and large businesses, public schools, universities and charities. The IRS hopes to prevent the scam by educating employers and, for those affected by the scam, by providing measures to mitigate its success.

In the scam, cybercriminals research the organization and identify persons of authority (e.g., the Chief Operating Officer in a business). They then use a technique known as business email spoofing to impersonate that individual in email correspondence. In many cases, the perpetrator will begin with a seemingly innocent email, asking if the employee is working today. Thereafter, they will request Form W-2 information for all employees and, if that is received, ask for a wire transfer. The cybercriminal will use the W-2 information to file fraudulent tax returns or place it for sale on the Dark Net.

In addition to educating employers to prevent the scam, the IRS urges businesses to have effective controls in place around the release of private information. For example, businesses should limit the number of employees who can respond to W-2 requests and, when such a request is made, require additional verification from the requestor (such as a telephone call) before sending the W-2.

Unfortunately, many employers do not realize they are victims of the scam until days, weeks or months after it is effectuated. By this time, damage may have occurred. For this reason, employers should timely notify the IRS upon learning they are victims of the scam. Specifically, employers should:

  1. Email “[email protected]”;
  2. In the subject line, type “W2 Data Loss”; and
  3. Include in the email: (a) the business name and employer identification number; (b) a contact name and phone number; and (c) a summary of how the data loss occurred and the number of affected employees.

Likewise, victims, or attempted victims, of the scam should send the full email header to “[email protected]” with “W2 Scam” in the subject line.  

This is merely one of the many cybersecurity threats employers face. The nature and complexity of these attacks continues to evolve, becoming increasingly more difficult to detect. If you have questions about effective cybersecurity, do not hesitate to contact our office. 

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2022 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Buyer Beware: Five Common Holiday Scams of 2022
Automobile, Tax BY Steven Barber
The FTC Safeguards Rules Are Extended to June 9, 2023
A Sigh of Relief for Beneficiary IRA Owners
New Phishing Scam Targets Verified Twitter Accounts
401(k) Plans, Tax BY Luke Dovell
Want More Money? Start Investing Early
Cybersecurity Awareness Month is Over… Now What?
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.