The IRS is warning taxpayers, business owners and tax preparers of a Dangerous W-2 Phishing Scam Evolving; Targeting Schools, Restaurants, Hospitals, Tribal Groups and Others.  If you are a victim of or inadvertently assisted in W-2 information theft, please contact the IRS at once, so they can protect the affected taxpayers from tax-related identity theft.

Tax preparers have additional responsibilities and should read this IRS info on what to do if you suffer a data breach of client information.

Here’s how the scam works: Cybercriminals use various spoofing techniques to disguise an email to make it appear as if it is from an organization executive. The email is sent to an employee in the payroll or human resources departments, requesting a list of all employees and their Forms W-2.

This phishing variation is known as a “spoofing” e-mail. It will contain, for example, the actual name of the company chief executive officer. The following are some of the details that may be contained in the emails:

• Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
• Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
• I want you to send me the list of W-2 copy of employees wage and tax statement for 2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.

In the latest twist, the cybercriminal follows up with an “executive” email to the payroll or comptroller and asks that a wire transfer also be made to a certain account. Although not tax-related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars due to wire transfers.

The IRS, states and tax industry urge all employers to share information with their payroll, finance and human resources employees about this W-2 and wire transfer scam. Employers should consider creating an internal policy, if one is lacking, on the distribution of employee W-2 information and conducting wire transfers.

Organizations receiving a W-2 scam email should forward it to phishing@irs.gov and place “W2 Scam” in the subject line. Organizations that receive the scams or fall victim to them should file a complaint with the Internet Crime Complaint Center (IC3,) operated by the Federal Bureau of Investigation.

Employees whose Forms W-2 have been stolen should review the recommended actions by the Federal Trade Commission at www.identitytheft.gov or the IRS at www.irs.gov/identitytheft.
Employees should file a Form 14039, Identity Theft Affidavit, if the employee’s own tax return rejects because of a duplicate Social Security number or if instructed to do so by the IRS.

The IRS also has a page offers all sorts of helpful security awareness tips for taxpayers as well as tax preparers.