The Internal Revenue Service has renewed its warning about an email fraud that uses a corporate officer’s name to request employee Forms W-2 from company payroll or human resources departments. The IRS has received new notifications that the email scam is making its way across the nation for a second time. The IRS urges company payroll officials to double check any executive-level or unusual requests for lists of Forms W-2 or Social Security numbers.
The W-2 scam first appeared last year. Cybercriminals tricked payroll and human resource officials into disclosing employee names, SSNs and income information. The thieves then attempted to file fraudulent tax returns for tax refunds.
“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,’’ said IRS Commissioner John Koskinen.
This phishing variation is known as a “spoofing” e-mail. It will contain, for example, the actual name of the company chief executive officer. In this variation, the “CEO” sends an email to a company payroll office or human resource employee and requests a list of employees and information including SSNs.
The following are some of the details that may be contained in the emails:
· Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
· Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, and Salary).
· I want you to send me the list of W-2 copy of employees wage and tax statement for 2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me ASAP.
If your company is the target of this fraud, it should be reported to the IRS without responding to the scammer. Any W-2 scam e-mail can be forwarded to email@example.com with “W2 Scam” in the subject line.