Recently the Internal Revenue Service (IRS) issued an alert to payroll and human resources professionals to warn them about an email scam. In our effort to keep our customers protected and informed we are passing along this information. Also, please note that all W-2 forms should be distributed in California no later than January 31. If your w-2 is returned by mail as undeliverable, do not open the envelope. The sealed envelope with its postmark serves as proof that you attempted to send the Form W–2 on time. Make a copy of the envelope and keep the copy in your records for 4 years.
The IRS is urging company payroll officials to double check any executive-level or unusual requests for lists of Forms W-2 or Social Security numbers (SSNs).
In this scam, cybercriminals attempt to trick payroll and human resource officials into disclosing employee names, SSNs and income information. The thieves then use the stolen personal information and data to try to obtain money, including filing fraudulent tax returns for refunds.
The criminals send a fake or “spoofing” e-mail pretending to be from the actual CEO or CFO of the company. In the email, the “CEO” requests a list of employees and information about the employees, including their SSNs, from company payroll officers or human resource employees.
The following are some of the details that may be contained in the emails:
- Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
- Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, and Salary).
- I want you to send me the list of W-2 copy of employees wage and tax statement for 2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me ASAP.
The IRS warns that cybercriminals are using more sophisticated tactics to try to steal even more data that will allow them to impersonate taxpayers.
Concerned employers can visit the IRS website to get assistance with reporting phishing and other online scams.
For more information on protecting personal, financial and tax data, see IRS.gov/taxessecuritytogether for additional steps businesses and individuals can take. Businesses that retain sensitive financial data are also encouraged to review and update their security plan. Safeguarding Taxpayer Data, A Guide for Your Business, provides a starting point and recommendations from the IRS.