Tax Law and News How to Avoid the W-2 Email Scam Read the Article Open Share Drawer Share this:Click to share on Twitter (Opens in new window)Click to share on Facebook (Opens in new window)Click to share on LinkedIn (Opens in new window) Written by Intuit Accountants Team Published Dec 1, 2017 4 min read As part of National Tax Security Week, the IRS, state tax agencies and private-sector tax groups warned the nation’s business, payroll and human resource communities about a growing W-2 email scam that threatens sensitive tax information held by employers. As tax professionals, this is key information you can use to make your firm’s staff and clients more aware of this scam. These emails may start with a simple, “Hey, you in today?” and by the end of the exchange, all of an organization’s Forms W-2 for their employees may be in the hands of cybercriminals. This puts workers at risk for tax-related identity theft. The W-2 scam has emerged as one of the most dangerous and successful phishing attacks, as hundreds of employers and thousands of employees fell victim to the scheme in the past year. This scam is such a threat to taxpayers that a special IRS reporting process has been established. Because IRS Security Summit partners have successfully made inroads into stopping stolen identity refund fraud, criminals now need more information to file a fraudulent return. That means they need more accurate data about taxpayers, causing them to target tax practitioners, payroll professionals and employers. Form W-2 contains income and withholding information necessary to file a tax return. All employers are at risk. In 2017, the W-2 scam made victims of businesses large and small, public schools and universities, as well as tribal governments, charities and hospitals. The scam, which grows larger each year, will likely make the rounds again in 2018. The Security Summit warns employers – in public and private sectors – to beware of this scheme and to educate employees, especially those in human resources and payroll departments who are often the first targets. This is an example of a business email compromise or business email spoofing in which the thief poses as a company executive, school official or someone of authority within the organization. The crook will send an email to one employee with payroll access, requesting a list of all employees and their Forms W-2. The thief may even specify the format in which he wants the information. The subject line has hundreds of variations along the lines of “review,” “manual review” or “request.” Because payroll officials believe they are corresponding with an executive, it may take weeks for someone to realize a data theft has occurred. Generally, the criminals are trying to quickly take advantage of their theft, sometimes filing fraudulent tax returns within a day or two. Because of the W-2 scam’s threat to tax administration for both federal and state governments, a special reporting process has been established to quickly alert the IRS and state tax agencies. Detailed reporting steps may be found at Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers. Here’s an abbreviated list of how to report these schemes: Email dataloss@irs.gov to notify the IRS of a W-2 data loss and provide contact information. In the subject line, type “W2 Data Loss” so that the email can be routed properly. Do not attach any employee personally identifiable information data. Email the Federation of Tax Administrators at StateAlert@taxadmin.org to get information on how to report victim information to the states. Businesses/payroll service providers should file a complaint with the FBI’s Internet Crime Complaint Center . Businesses/payroll service providers may be asked to file a report with their local law enforcement agency. Notify employees so they may take steps to protect themselves from identity theft. The Federal Trade Commission’s www.identitytheft.gov provides guidance on general steps employees should take. Forward the scam email to phishing@irs.gov. Employers are urged to put steps and protocols in place for the sharing of sensitive employee information such as Forms W-2. One example would be to have two people review any distribution of sensitive W-2 data or wire transfers. Another example would be to require a verbal confirmation before emailing W-2 data. Employers also are urged to educate their payroll or human resources departments about these scams. As part of the Security Summit effort, the IRS, state tax agencies and the tax industry working together to fight against tax-related identity theft and to protect taxpayers. Everyone can help. Be alert and guard against the W-2 scam. Taxpayers are also encouraged to visit the “Taxes. Security. Together.” awareness campaign or review IRS Publication 4524, Security Awareness for Taxpayers, to learn more. Previous Post December 2017 Tax and Compliance Deadlines Next Post Tax Benefits of Company In-Home Holiday Parties Written by Intuit Accountants Team The Intuit® Accountants team provides ProConnect™ Tax, Lacerte® Tax, ProSeries® Tax, and add-on software and services to enable workflow for its customers. Visit us at https://proconnect.intuit.com, or follow us on Twitter @IntuitAccts. More from Intuit Accountants Team Comments are closed. Browse Related Articles Practice Management Top 7 advantages of choosing a firm niche Advisory Services Your firm: Maximizing value over volume Practice Management ProSeries® Tax spotlight: Nayo Carter-Gray, EA, MBA Practice Management Consultant Spotlight: Katherine Weiler Webinars Technology and Your Clients: Dec. 19 Webinars Escalating IRS Correspondence: Dec. 17 Webinars Intuit Hosting Hacks: Dec. 18 Webinars 5 Tips to Automate Tax Season: Dec. 17 Webinars SafeSend + Intuit = Engagement: Dec. 10 Webinars What’s New in ProConnect: Dec. 10