< Back to All

Beware W-2 Phishing Scam

January 13, 2023

Courtesy SBAM Approved Partner ASE

The IRS is warning employers of a particularly dangerous email scheme that is currently circulating. Called a business email compromise (BEC) or business email spoofing (BES), this scheme involves a cybercriminal sending an email that appears to be from a company executive. The email is sent to an employee in the company’s payroll or human resources department, requesting a list of all employees and their W-2 forms. 

The IRS has created procedures for employers and payroll professionals to report if they fell victim to a W-2 scam—or even if they didn’t. Businesses that lost data as a result of an email scam should notify the IRS as quickly as possible after the loss. If notified soon enough, the IRS may be able to take steps to protect employees from tax-related identity theft. 

A business should email the IRS at dataloss@irs.gov. The business should type “W-2 Data Loss” in the subject line. The email should include the following information so that the IRS can call the business:

  • Business name
  • Business employer identification number (EIN)
  • Associated with the data loss
  • Contact name
  • Contact phone number
  • Summary of how the data loss occurred
  • Volume of employees impacted
Share On: