The IRS has issued a new warning about a phishing scam that’s working for the criminals — and they’re coming after your personal information.
Scammers are able to spoof or impersonate the email address of a company or organization’s executive. Fraudsters then email staffers in payroll or HR and ask for wire transfers and employee W-2 forms.
If the worker who has access to sensitive data replies to the email, all that information goes into the hands of the criminals.
IRS warns of W-2 phishing email scheme
“These are incredibly tricky schemes that can be devastating to a tax professional or business,” said IRS Commissioner John Koskinen. “Cybercriminals target people with access to sensitive information, and they cleverly disguise their effort through an official-looking email request.”
The IRS first warned about the W-2 scam during the 2016 filing season and it’s getting worse. There were 200 reported cases in 2017, up from 50 last year.
Businesses, public schools, universities, tribal governments and nonprofits have all been victimized. Several hundred thousand employees have had their sensitive data stolen.
A W-2 form contains an employee’s name, address, Social Security number, income and withholdings. Criminals have used the information to file fraudulent tax returns, and it can be posted for sale on the dark web.
Money expert Clark Howard wants you to make sure that every person in your company who has access to sensitive data — such as W-2s or the ability to make wire transfers — knows about this trending scam.
To avoid becoming the next victim, verbally confirm requests for W-2s, wire transfers or other sensitive info with the boss directly.