Alert: W-2 scams are back for 2018 — here’s what you need to know


If you work in payroll or human resources and you get an email from your boss with a friendly “Hi, are you working today?” the IRS says the identities of your company’s entire workforce could be in the cross-hairs of a criminal.

A look at the popular W-2 scam

For the past two tax seasons, scamsters have been running a successful W-2 email phishing scam operation that has tricked major companies like messaging service Snapchat and disk-drive maker Seagate Technology.

Only, it’s not the companies that suffer the greatest harm from this scam — it’s their rank-and-file employees.

Here’s how this scam works: Through business email compromise (BEC) or business email spoofing (BES), criminals pose as top company brass and send emails to payroll professionals asking for copies of W-2 forms for all employees.

Unfortunately, those earnings summaries have more than just salaries and wages on them. They also contain employees’ names, addresses, Social Security numbers and withholding info.

The crooks can then use that pilfered info to file bogus tax returns or sell it online to other criminals, according to the latest IRS warning.

Once an email chain is established between a payroll professional and a crook masquerading as a CEO, the criminal can even follow up with a request for a wire transfer.

Businesses fight back

So what’s a business to do in light of a crime that’s grown exponentially from just 100+ reported cases in 2016 to some 900 in 2017 — and is only likely to grow from here?

The IRS has a few recommendations:

  1. Companies should limit the number of employees who have authority to handle W-2 requests.
  2. Anyone authorized to handle W-2 requests should be trained in how to validate the query before turning over the requested info.

Meanwhile, do you believe your organization has already fallen victim to a W-2 scam this year? If so, the IRS has a new protocol in place for you in 2018:

  • Email [email protected] to notify the IRS of a Form W-2 data loss
  • Use “W2 Data Loss” as the subject line
  • Don’t attach personally identifiable information data for any employee
  • Be sure to include the following in your email:
    • Business name
    • Business employer identification number (EIN) associated with the data loss
    • Contact name
    • Contact phone number
    • Summary of how the data loss occurred
    • Volume of employees impacted

Finally, vigilance on the part of business owners is the best way to combat this scam. If your business or organization receives a scam request but does not fall victim to it, you can send the full email headers to [email protected]. Be sure to use “W2 Scam” as the subject line so it can be routed properly.

About the author: Theo Thimou
Theo has co-written several books with Clark Howard, including the New York Times #1 bestseller Living Large in Lean Times. As a single widowed parent of two young children, he strives to bring unique savings tips to men and women like him who must face life without their spouses. He can be reached at [email protected]