IRS Warns Of Revamped W-2 Email Scam


The Internal Revenue Service recently issued a warning to U.S. employers and taxpayers to take additional cybersecurity precautions in the wake of new developments in an email W-2 phishing scam.

IRS Commissioner John Koskinen said in a statement, “This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme.”

This particular scam, sometimes referred to as business email spoofing (BES), reportedly first appeared last year, said the IRS. Cybercriminals send emails to employees in payroll and human resources (HR) using slightly modified email addresses to make it appear as if the emails are coming from an organization executive, said the IRS. The email requests a list of all employees and their W-2 forms.

The IRS reported that the scam has evolved beyond affecting just the corporate world and has spread to other sectors, including school districts, the health care sector, temp agencies and nonprofits, among others. Companies that received an email last year reported receiving one again this year.

The IRS said that if employers immediately report W-2 thefts, the agency can help protect employees from tax-related identity theft. The Security Summit — which includes the IRS, state tax agencies and the tax industry — reportedly enacted numerous safeguards in 2016 and 2017 to identify fraudulent returns filed through scams.

More recently, the W-2 BES scam saw cybercriminals following up with a second email asking for a wire transfer to be made to an account. The IRS urges that all employers notify payroll, finance and HR employees about the W-2 and wire transfer scam.

This year alone, according to numbers from Forbes, over 29,000 taxpayers have already been affected by the W-2 and wire-transfer email phishing scam.