By Michael Cohn
Published February 02 2017, 7:05pm EST
The Internal Revenue Service is cautioning a variety of organizations that the W-2 phishing email scam is now spreading to more organizations beyond corporate America, with schools, restaurants, hospitals and tribal groups now being targeted by cybercriminals.
Last week, the IRS issued a warning about the scam reappearing this tax season for the second year in a row (see IRS warns of second wave of W-2 email scam). Cybercriminals tricked payroll and HR employees into giving employee names, SSNs and income information in response to emails from fraudsters posing as corporate executives. Identity thieves then filed tax returns using the employees’ names seeking their tax refunds. On Thursday, the IRS, along with state tax agencies and the tax industry said the Form W-2 email phishing scam has evolved beyond the corporate world and is now spreading to other sectors, including school districts, tribal organizations and nonprofits.
On top of that, the fraudsters are coupling their efforts to steal employee W-2 information with an older scheme on wire transfers to victimize some organizations a second time.
“This is one of the most dangerous email phishing scams we’ve seen in a long time,” said IRS Commissioner John Koskinen in a statement. “It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme.”
The scammers are employing different spoofing techniques to disguise an email so it seems to come from an organization executive. The email is transmitted to an employee in the payroll or HR department, asking for a list of all employees and their W-2 forms. The scam is sometimes known as business email compromise (BEC) or business email spoofing (BES).
The IRS and its Security Summit partners are warning all types of employers to be on their guard against the scam. The W-2 scam first appeared last year and is now making the rounds earlier this tax season to a broader array of organizations, including school districts, tribal casinos, chain restaurants, temporary staffing agencies, healthcare and shipping and freight. The businesses that were on the receiving end of the scam email last year are reporting they are receiving it again this year.
Fraudsters are now following up the original email with an “executive” email to the payroll or comptroller asking that a wire transfer be made to a certain account. While not specifically tax related, the wire transfer scam is being used in concert with the W-2 scam email. Some companies reportedly have lost both employees’ W-2s and thousands of dollars due to wire transfers.
The IRS, states and tax industry are asking all employers to warn their payroll, finance and HR employees about the latest W-2 and wire transfer scam. Companies should create an internal policy, if they don’t already have one, on the distribution of employee W-2 information and conducting wire transfers.