Alert Employers & Employees - Beware of Dangerous EMAIL SCAMS!
“All employers are targets for W-2 scams – IRS”
What is W2 Scams?
A W-2 phishing attack is a cyber-tactic that hackers use to obtain employees’ sensitive information from W-2s.
W-2s are important forms you include when you file your taxes. They enclose information such as your name, address, Social Security number, income, and tax withholdings.
How hackers steal your information?
Employees will receive an email scam that uses a CEO or organization leader name to request employee W-2 forms from company payroll or human resources departments.
Because payroll executives believe the email is from trusted source and exchanges W-2 form information with a cyber-criminal. Criminals use your credentials for fraudulent tax returns.
How to identify the Scam mail?
The mail starts with a simple greeting or subject line, like:
"Hey, you in today”, or IRS Important Notice and requesting for the below information
Individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review
Updated list of employees with full details (Names, Social Security Numbers, Dates of Birth, Home Addresses, Salaries)?”
List of W-2 copies of employees’ wage and tax statement for 2016.
How to protect?
Verify the sender
Never open a hyperlinks form suspicious source
IRS never demand immediate payment
Check with your management
File a complaint
Businesses should report these scam emails by emailing to firstname.lastname@example.org or email@example.com.