Phishing scams targeting W-2 forms bring FBI warning
The IRS is warning businesses about a sharp increase in email phishing scams involving employees’ W-2 forms — scams that can put staffers’ Social Security numbers and other critical information in the hands of thieves.
The government said 200 businesses, public schools, universities, Native American governments and nonprofits were victimized by these scams during the tax filing season. That’s up from 50 in 2016, when the scam appeared.
Thieves perpetrate the scams by sending emails that appear to come from executives inside the targeted organizations. The emails ask payroll or human resources departments to reply with a list of all employees and their W-2 forms.
The IRS has an email notification address specifically for businesses and organizations to report W-2 thefts: dataloss@irs. gov. Include “W-2 scam” in the subject line. Businesses and organizations that receive a suspicious email but haven’t been victimized should forward it to phishing@irs.gov, also with “W-2 scam” in the subject line. Anyone victimized should also contact the FBI through www.ic3.gov .
The IRS has suggestions for avoiding being victimized:
• If you get a suspicious email, call the person who purportedly sent it, using a phone number you can verify as theirs, not one in the email. Confirm that this person has in fact made the request.
• Make sure that any employees with access to W-2s or other sensitive information are aware of these scams. Make sure they know the warning signs of phishing scams.
• Invest in software that will flag suspicious emails.