W-2 Phishing Scam Is 'Most Dangerous' FBI Has Seen

It’s tax season — and you know what that means. Accountants are swamped, employees are eagerly awaiting their refunds, and cyber criminals are stealing your tax info.

Wait, what?

That’s right: W-2 forms are major target of identity thieves this tax season. The IRS sent out a press release at the beginning of this month warning that W-2 phishing scams have moved on from the corporate world and were now hitting school districts, tribal organizations, chain restaurants, temporary staffing agencies, healthcare, shipping and freight companies, and non-profits.

So what’s a W-2 phishing scam?

A W-2 phishing scam occurs when thieves send an email designed to look like it’s from the executive of a company requesting the W-2 tax forms of all of the employees of an organization. They’re often marked as “urgent” and good employees respond promptly, thinking that the information is going to their bosses. The scam first emerged last year and, unfortunately, is now spreading to less tech-savvy industries.

“This is one of the most dangerous email phishing scams we’ve seen in a long time,” IRS Commissioner John Koskinen said in the press release. “It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme.”

One example of an organization getting hit with this kind of scam happened in Ohio, where a Mount Healthy School District employee unknowingly sent the W-2 forms and personal information of 600 school district employees to thieves. She was responding to an email from her “boss” requesting the forms and ended up exposing herself and all of her colleagues to identity theft.

And they’re making it a double blow.

Schools, tribal organizations, and non-profits aren’t exactly known for their tech knowledge. This is probably one of the reasons they’re being targeted with W-2 phishing scams and, unfortunately, some organizations are reporting that they’ve been hit with two scams.

In addition to asking for and receiving W-2 forms, thieves are also sending “executive” emails requesting a wire transfer from the “boss” As a result, some organizations are not only facing potential identity theft for their employees but also losing thousands of dollars.

What can you do?

The first step of defense against this kind of scam is awareness. Confirm any requests for sensitive documents on the phone or in person. Make everyone in your organization aware that your company is at risk of this kind of theft and put clear policies in place for detecting and handling any phishing scams.

If your company has been hit with a phishing email, report it immediately to the IRS by forwarding it to [email protected] with the subject line “W2 Scam.” The IRS also asks that you report any attempted or completed phishing scams to the Internet Complaint Center. They also recommend that taxpayers avoid searching for technical tax help — including tax software — in standard search engines, as this can lead to infected, fake tech support links. Instead, they ask that taxpayers use their Free File site, where 12 brand-name tax softwares can be accessed safely and for free.

Share this post

About Tenta

Tenta is a next generation browser designed for privacy and security. Built-in true VPN, full data encryption, video downloader, secure medai vault, HTTPS Everywhere, Tenta DNS, and more.

View all posts by Tenta >

Install Tenta Browser Free!

Start protecting your online privacy today with Tenta Browser.

Download Tenta Browser Google Play Button