Cybercriminals impersonate persons of authority within organizations
February 6, 2019
Business taxpayers should be on alert for W-2 phishing scam
Article coutesy Yeo & Yeo
Each year, thousands of taxpayers are tricked into revealing their personal information online and lose millions of dollars. Business taxpayers should be extra alert for cybercriminals attempting to steal W-2 forms and other sensitive information through a phishing scam.
In a typical scenario, cybercriminals impersonate persons of authority within a company and send an email to payroll personnel asking for copies of all employee W-2 forms. The scammers do their homework about an entity’s organizational chart and all communications appear legitimate.
A W-2 form contains an employee’s name, address, Social Security number, income and withholdings. Cybercriminals use that information to file fraudulent tax returns, or they post it for sale on the “Dark Web.”
“Businesses need to be aware of this scam,” said Deputy State Treasurer Glenn White, head of Treasury’s Tax Administration Group. “Make time today to educate your employees about internal security processes for appropriately distributing sensitive information. With state income tax filing season rapidly approaching, cybercriminals will be out in full force to take advantage of taxpayers.”
The Internal Revenue Service reports the scam has affected all types of employers, from small and large businesses to public schools and universities, hospitals, tribal governments and charities.
The W-2 phishing scam has gained momentum nationwide over the last two tax years. The IRS reports more than 200 employers were victimized nationwide in 2017, affecting hundreds of thousands of employees who had their identities compromised.
Business taxpayers who receive this type of email are asked to report the encounter to email@example.com. To learn more about identity theft, go to www.michigan.gov/identitytheft.