Rates and products offered may differ from state to state. To see the rate and offering available to you, please select the state where you bank. (Your privacy is important to us—see our Privacy Notice)
Beginning in January 2017, IRS’s Online Fraud Detection & Prevention (OFDP), which monitors for suspected IRS-related phishing emails, observed an increase in reports of compromised or spoofed emails requesting W-2 information. Sometimes these requests were followed by or combined with a request for an unauthorized wire transfer.
The most popular method remains impersonating an executive, either through a compromised or spoofed email in order to obtain W-2 information from a Human Resource (HR) professional within the same organization.
Individual taxpayers may also be the targeted, but criminals have evolved their tactics to focus on mass data thefts.
This scam is just one of several new variations of IRS and tax-related phishing campaigns targeting W-2 information, indicating an increase in the interest of criminals in sensitive tax information.
HOW TO REPORT A DATA LOSS RELATED TO IRS RELATED TO A W-2 SCAM
If notified quickly after the loss, the IRS may be able to take steps that help protect your employees from tax-related identity theft. To contact the IRS about a W-2 loss, email IRS at email@example.com and provide the information listed below so the IRS can contact you. In the subject line, type “W-2 Data Loss” so that the email can be routed properly. Do not attach any employee personally identifiable information (PII) data.
Provide the following information in your email:
Note: The IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. Any contact from the IRS will be in response to a contact initiated by you. Criminals, when they learn of a new IRS process, often create false IRS web sites and IRS impersonation emails.
HOW TO REPORT DATA LOSS TO STATE TAX AGENCIES
HOW TO REPORT DATA LOSS TO OTHER LAW ENFORCEMENT OFFICIALS
HOW TO REPORT W-2 PHISHING EMAILS TO IRS
If your business received the email but did NOT fall victim to the scam, forward the email to the IRS. The IRS needs the email header from the phishing email for its investigation, which means you must do more than just forward the email to firstname.lastname@example.org.
There are various ways to view and save an email header depending on your email client program or web service. Please research the method that corresponds with your program or service.
Here’s what to do with the W-2 email scam:
RECOMMENDATIONS AND BEST PRACTICES
The key to reducing the risk from W-2 phishing scams and BEC is to understand the criminals’ techniques and deploy effective mitigation processes. There are various methods to reduce the risk of falling victim to this scam and subsequently disclosing sensitive information or executing a fraudulent wire transfer. Some of these methods include:
To address compromised domains it is recommended that, if possible, affected parties contact the appropriate service providers to report the activity and file a complaint with the Internet Crime Complaint Center (IC3) at www.ic3.gov.
The Financial Services Information Sharing and Analysis Center (FS-ISAC) is the industry forum for collaboration on critical security threats facing global financial services sectors.