Right now, the IRS is warning of a “particularly dangerous email scam” that is circulating – W-2 phishing. In the last couple of years, this has become one of the most prevalent (and dangerous) scams that affect the tax industry.

How it Works: By using either Business Email Compromise (BEC) or Business Email Spoofing (BES), phishers pose as executives and ask payroll personnel (or other administrative personnel that have access to employee records) to send copies of all employee W-2 Forms. Those forms are then used to file fraudulent returns, or are later sold on the dark web for profit.

If you believe your organization has fallen victim to a phishing scam, the IRS created a dedicated email notification address specifically for employers to report Form W-2 data thefts. To notify the IRS, they recommend the following steps:

  • Email dataloss@irs.gov with the subject line “W2 Data Loss” and include the following:
    • Business name
    • Business employer identification number (EIN) associated with the data loss
    • Contact name
    • Contact phone number
    • Summary of how the data loss occurred
    • Volume of employees impacted
    • Do not send any employee personally identifiable information (PII) data.

Businesses and organizations that receive a suspect-email, but do not respond to the request, should send the email header(s) (sender information, time stamp, etc.) to phishing@irs.gov with “W2 Scam” in the subject line.

Employers can learn more at Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers. If you have any additional question, please don’t hesitate to contact us.