IRS warns tax professionals of W-2 email scam

The IRS has alerted tax professionals to a recent increase in email scams targeting employee Forms W-2. In 2017, the IRS witnessed a surge in the number of businesses, public schools, universities, tribal governments and nonprofits victimized by the W-2 scam increase to 200 from 50 in 2016. Those 200 victims translated into several hundred thousand employees whose sensitive data was stolen.
“These are incredibly tricky schemes that can be devastating to a tax professional or business,” said IRS Commissioner John Koskinen. “Cybercriminals target people with access to sensitive information, and they cleverly disguise their effort through an official-looking email request.”
The scam occurs when a cybercriminal is able to “spoof” or impersonate a company or an organization executive’s email address and target a payroll, financial or human resources employee with a request. The criminals then file fraudulent tax returns that could mirror the actual income received by the employees, making the fraud more difficult to detect.
The IRS, state tax agencies and tax industry partners working together through the Security Summit have launched the 10-week Don’t Take the Bait campaign that is currently underway, highlighting the many tactics adopted by cybercriminals as well as the steps tax professionals can take to protect their clients and themselves from remote takeovers.

Visit our News Library to read more news stories.