February 2, 2017
LANSING, Michigan – The Michigan Department of Treasury, Internal Revenue Service and the tax industry today issued an alert to all employers that an old Form W-2 email phishing scam has evolved beyond the corporate world and is spreading to school districts, restaurants, hospitals, tribal organizations, nonprofits and others.
In a related development, the W-2 scammers are coupling their efforts to steal employee W-2 information with an older scheme on wire transfers that is victimizing some organizations twice.
Here’s how the scam works: Cybercriminals use various spoofing techniques to disguise an email to make it appear as if it is from an organization executive. The email is sent to an employee in the payroll or human resources departments, requesting a list of all employees and their W-2 forms.
Unfortunately, the individual receiving the email unknowingly provides the requested information to the cybercriminal. This scam is sometimes referred to as Business Email Compromise (BEC) or Business Email Spoofing (BES).
When employers report W-2 thefts immediately to the IRS, the agency can take steps to help protect employees from tax-related identity theft. As the state Treasury Department, IRS and the tax industry enact safeguards to identify fraudulent returns filed through scams like this, cybercriminals need more data to mimic real tax returns.
The state Treasury Department urges all employers to be vigilant. This W-2 scam, which first appeared last year, is circulating earlier in the tax season and to a broader cross-section of organizations, including school districts, tribal casinos, chain restaurants, temporary staffing agencies, healthcare and shipping and freight.
Businesses that received the scam email last year also are reportedly receiving it again this year. The Internal Revenue Service and other partners warned of this scam’s reappearance last week but have seen an upswing in reports in recent days.
New Twist to W-2 Scam: Companies Also Being Asked to Wire Money
In the latest twist, the cybercriminal follows up with an “executive” email to the payroll or comptroller and asks that a wire transfer also be made to a certain account. Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars due to wire transfers.
The state Treasury Department, IRS and tax industry urge all employers to share information with their payroll, finance and human resources employees about this W-2 and wire transfer scam. Employers should consider creating an internal policy, if one is lacking, on the distribution of employee W-2 information and conducting wire transfers.
Steps Employers Can Take If They See the W-2 Scam
Organizations receiving a W-2 scam email should forward it to firstname.lastname@example.org and place “W2 Scam” in the subject line. Organizations that receive the scams or fall victim to them should file a complaint with the Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3).
Employees whose W-2 forms have been stolen should review the recommended actions by the Federal Trade Commission at www.identitytheft.gov or the IRS at www.irs.gov/identitytheft.
The W-2 scam is just one of several new variations that have appeared in the past year that focus on the large-scale thefts of sensitive tax information from tax preparers, businesses and payroll companies. Individual taxpayers also can be targets of phishing scams, but cybercriminals seem to have evolved their tactics to focus on mass data thefts.
Be Safe Online
In addition to avoiding email scams during the tax season, taxpayers and tax preparers should be leery of using search engines to find technical help with taxes or tax software. Selecting the wrong “tech support” link could lead to a loss of data or an infected computer.
Taxpayers searching for a paid tax professional for tax help can use the IRS Choosing a Tax Professional lookup tool or if taxpayers need free help can review the Free Tax Return Preparation Programs. Taxpayers or tax preparers looking for tech support for their software products should go directly to the provider’s web page.
This information was provided by the State of Michigan Department of Treasury. For additional information, click here.