IRS warns of Form W – 2 scam that targets payroll & human resources departments

IR 2017-10

For the second year in a row, IRS has issued a warning about an e-mail scam that uses a corporate officer’s name to request W-2 forms from company payroll or human resources departments.

IRS has received new notifications that this e-mail scam is making its way across the nation for a second time. IRS urges company payroll officials to double check any executive-level or unusual requests for lists of W-2 forms or Social Security numbers (SSNs). Cybercriminals use this information to attempt to file fraudulent income tax returns for tax refunds.

This phishing variation is known as a “spoofing” e-mail. It will contain, for example, the actual name of the company chief executive officer (CEO). In the latest variation of this scheme, the purported CEO sends an e-mail to a company payroll office or human resource employee and requests a list of employees and information including SSNs. The e-mail may also include requests for other types of personal employee information, such as salary or address.

IRS highlighted the following phrases as examples of the type of language that might appear in spoofing e-mails:

  • Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
  • Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
  • I want you to send me the list of W-2 copy of employees wage and tax statement for 2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.

The warning notes that IRS, state taxing authorities, and the tax industry have made progress in the fight against tax-related identity theft working together in the Security Summit, but that cybercriminals are using more sophisticated tactics to try to steal even more data that will allow them to impersonate taxpayers. IRS referred taxpayers to security tips offered as part of its identity protection campaign to help make data more secure.

References: For identity theft, see FTC 2d/FIN ¶ T-10164.4.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.