All government tax organizations such as the IRS, the state tax agencies and the tax industry sent an important notification to all employers that the W-2 Phishing scan has progressed, dispersing to other regions such as school districts, nonprofits and group organizations. The scammers are conjoining this new scheme with an old scheme of wire transfers that is hurting organizations double time. IRS Commissioner John Koskinen stated, “This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme.”

The IRS, the tax industry and the state tax agencies work together to provide safety precautions to taxpayers, which makes it extremely difficult for cybercriminals to proceed with fraudulent activities. These criminals use different hoaxing methods to conceal the email they are sending and make it seem like it is an email from a boss or executive leader from your organization. This con is referred to as business email spoofing (BES) or business email compromise (BEC). The email gets sent to the human resources department or payroll department asking for a list of all employees W-2 for tax purposes. Since it is a disguise, the employees send the requested information without confirming if the email was actually sent from their executive leaders. However, when an employer reports this con to the IRS, they can take the necessary steps to protect their employee’s private information and advise the employer on how to proceed.

Although the Security Summit has notified taxpayers of this scam last week, they are seeing an increase in identity theft within a week. They urge all employers to be attentive to the W-2 scam because it is evolving and spreading to school districts, casinos, restaurants, staffing agencies, healthcare, shipping and freight and many more businesses. Businesses who received the email last year have reported that they are receiving the email again this year, but earlier in the tax season. Employers should proceed with caution and notify all their employees about the scam that is circulating and cultivating day by day.

Furthermore, scammers are emailing the employees and asking not only for the employees W-2 list, but they are also requesting a wire transfer of a certain amount be made promptly. Employees who succumb to the con are costing their employers thousands of dollars on top of their employee’s private information being released. The IRS and related tax governments are encouraging all employers to discuss these issues with their employees and urge them to ignore all emails that ask for such information. They are also insisting employers to create a policy that prohibits employees to release private information about other employees.

If an employer is unfortunate enough to go through something like this they should email to phishing@irs.gov and place “W2 Scam” in the subject line. They can also file a compliant to with the Internet Crime Complaint Center (IC3,) run by the FBI

Taxpayers should also be advised to be safe online. Searching certain things such as “tech support” may also have a scam embedded within it, so if any information is required before gaining access to the information you want to receive, the IRS urges taxpayers to disregard it. We encourage you to research on this issue and go IRS’s website for more information on what options you have if you are a victim of W-2 identity theft.