The Internal Revenue Service, state tax agencies and the tax industry today renewed their warning about an email scam that uses a corporate officer’s name to request employee Forms W-2 from company payroll or human resources departments.
This week, the IRS already has received new notifications that the email scam is making its way across the nation for a second time. The IRS urges company payroll officials to double check any executive-level or unusual requests for lists of Forms W-2 or Social Security number.
The W-2 scam first appeared last year. Cybercriminals tricked payroll and human resource officials into disclosing employee names, SSNs and income information. The thieves then attempted to file fraudulent tax returns for tax refunds.
This phishing variation is known as a “spoofing” e-mail. It will contain, for example, the actual name of the company chief executive officer. In this variation, the “CEO” sends an email to a company payroll office or human resource employee and requests a list of employees and information including SSNs.
The following are some of the details that may be contained in the emails:
Working together in the Security Summit, the IRS, states and tax industry have made progress in their fight against tax-related identity theft, cybercriminals are using more sophisticated tactics to try to steal even more data that will allow them to impersonate taxpayers.
The Security Summit supports a national taxpayer awareness campaign called “Taxes. Security. Together.” and a national tax professional awareness effort called “Protect Your Clients; Protect Yourself.” These campaigns offer simple tips that can help make data more secure.