Dangerous W-2 Scam Now Impacting The Public Sector

IRS Issues W-2 Security Alert

The Internal
Revenue Service (IRS) has issued a recent alert that the Form W-2 e-mail
phishing scam has expanded from the corporate world and into the public sector.
If you are a non-profit or governmental agency, you should be aware that this
scam can result in the large-scale theft of confidential information. This
information can then be used by cyber-criminals for various crimes including the
filing of fraudulent tax returns.

How Does The
Scam Work?

Cyber-criminals
will disguise e-mails to make them appear to be from an internal executive within
your organization. The e-mail will be sent to an employee in the payroll, human
resources, and finance departments and will request a list of all employees and
their Forms W-2. In the latest twist to this scam, the ‘executive’ e-mail will
ask that a wire transfer also be made to a certain account. The wire transfer
scam is being combined with the W-2 scam email, and some organizations have
lost both employees’ W-2s and thousands of dollars due to these fraudulent wire
transfers.

What To Do If
Your Organization Has Been Targeted

  • If you receive a W-2 scam email forward it immediately to your IT department and to phishing@irs.gov and place “W-2 Scam” in the subject line. Also, you should also notify the State by sending an alert to StateAlert@taxadmin.org.
  • If you receive the W-2 scam email or if you believe that sensitive data has been stolen, file a complaint with the Internet Crime Complaint Center.
  • Promptly notify the employees whose Forms W-2 have been stolen.
  • Employees should then review the recommended actions by the Federal Trade Commission at www.identitytheft.gov or the IRS.
  • Employees will need to also file a Form 14039, Identify Theft Affidavit, if their tax return is rejected because of a duplicate social security number or if they are instructed to so by the IRS.

Best Practices When Handling E-Mail

  • If you receive an internal e-mail that appears to be suspicious (i.e. asking for protected data), pick up the phone and call the sender or ask them directly in person to verify the legitimacy of the email.
  • Other signs that an e-mail may be suspicious include the use of all capital letters, spelling errors, typos, and grammatical errors. Try to avoid opening these emails in the first place.
  • If you do open the email, do not proceed to click on any links, open any attachments, or download any files. If you open an attachment or download a file, contact your IT department immediately.
  • If you do click on a questionable link inadvertently and are prompted to log-in with your user credentials, register your credentials, or provide confidential information do not proceed to do so. Notify your IT department instead.
  • If you do end up logging your credentials on a questionable web-site or disclosing confidential information, change your password immediately and let your IT department know what has happened right away.

 

Connect With Us

Stay Connected!

Sign up to receive information on the latest government and non-profit industry insights, firm news, and upcoming events & seminars.

Jump to Page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.