(406) 248-6178 Montana • Wyoming • Idaho • North Dakota  

W-2 Email Phishing Scam

For personal and corporate income tax purposes, many states have issued a press release urging employers, including small and large businesses, public schools and universities, hospitals, tribal governments, and charities, to educate their payroll staff about Form W-2 phishing scams in which thieves trick them into disclosing sensitive information to claim fraudulent refunds. In these scams, cybercriminals impersonate chief operating officers, school executives or others in authority. These criminals use a technique known as business email compromise or business email spoofing to send emails to payroll personnel requesting copies of Forms W-2 for all employees. Since Form W-2 contains the employee’s name, address, Social Security number, income, and withholdings, cybercriminals use that information to file fraudulent tax returns, or they post that information for sale on the “Dark Net.”

The Internal Revenue Service (IRS) has created a special email notification address specifically for employers to report Form W-2 data thefts. Victims can report W-2 data loss to the IRS by emailing at dataloss@irs.gov. To make sure that the email is routed properly, taxpayers should type “W2 Data Loss” in the subject line of the email. Taxpayers should not attach any information or data which could personally identify an employee. Businesses and organizations that fall victim to the scam, and organizations that only receive a suspect email but do not fall victim to the scam, should send the full email headers to phishing@irs.gov and use “W2 Scam” in the subject line. (CCH Daily Alerts)