Phishing scheme requests Form W-2 and other confidential employee information

Payroll and human resources departments should beware of an email phishing scheme in which cybercriminals pose as company executives (including CEOs) and ask for confidential employee information, such as Forms W-2, Wage and Tax Statement, and employees’ Social Security numbers, address, date of birth, and salary, the IRS warned on Tuesday. Once this information has been stolen, it can be used to commit a number of crimes, including filing fraudulent tax returns to obtain refunds.

“This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data. Now the criminals are focusing their schemes on company payroll departments,” IRS Commissioner John Koskinen said in a prepared statement. The fraudulent emails use what is called “spoofing,” which makes it appear the messages are from company executives, and often contain the name of the company’s CEO. Payroll departments are warned not to respond to these emails without being sure of who they are sending this information to.

The IRS says its Criminal Investigation division is reviewing several cases in which this latest variation on phishing has tricked people into supplying confidential employee information to cybercriminals.

The IRS recently reported detecting a 400% surge in email phishing schemes and malware attacks this tax season. It reminded taxpayers to be vigilant in protecting their personal information. Phishing schemes recently made the IRS’s annual “dirty dozen” list of top tax scams (see prior coverage here).

—Sally P. Schreiber (sschreiber@aicpa.org) is a JofA senior editor.