For the third year in a row, an IRS warning has been issued about one of the most dangerous, most successful and most infuriating phishing attacks of all time: the “Employer W2 Scam“. The “W2 Scam” first reared its ugly head two years ago, during tax season. It reappeared last year, prompting an IRS warning to employers and their employees across the United States. Sadly, many companies and their hard-working employees fell victim to the scam.
Now, it’s back again.
How the Employer W2 Scam Works
There are actually several variations of the W2 Scam, and they center around what is known as “business email compromise”, or BEC. BEC is a form of email spoofing in which the scammers create fake email addresses for businesses, present themselves as employees of those businesses and send emails to payroll personnel requesting copies of W2 forms for all of the businesses’ employees.
W2s include information about a company’s employees – names, addresses, social security numbers, income, and withheld taxes – that make it possible for the criminals to file fake tax returns. In some cases, the data was posted and sold on the Dark Net. Last year, hundreds of thousands of people across the country fell victim to the W2 scam.
How to Protect Yourself
The first step towards protecting yourself against the Employer W2 scam is to recognize that every employer is at risk. Understanding the risk allows you to take steps to protect yourself and your employees:
- Educate your employees about the W2 scam.
- Teach employees in your Human Resources and Payroll departments how to recognize fake emails.
- Limit the number of employees who are authorized to handle W2 forms.
- Implement policies and practices that require employees who handle W2 forms to obtain additional verification and validation before wiring or emailing sensitive information to anyone.
- Work with a Las Vegas accounting firm to review your policies and practices, manage your W2s, and help safeguard your company against the scam.
Being proactive is the best way to protect yourself against the Employer W2 Scam and prevent you and your employees from being victimized.
What to Do If You’re Scammed
The W2 Scam has become such a scourge that the IRS has put a special reporting system in place to help employers who believe they have received a suspicious email or have fallen victim to the scam. If you receive a suspicious email that you believe is tied to the Employer W2 Scam, forward the entire email to: email@example.com and put “W2 Scam” in the subject line of the email. If you have your data stolen as a result of the W2 Scam, you should notify the IRS immediately by sending an email to firstname.lastname@example.org (put “W2 Data Loss” in the subject line).
Include the following information in the body of your email:
- The name of your business
- The Business Employer Identification Number (EIN) for your business
- The contact information (name and phone number) for someone at your business
You should also provide a summary of the incident, including information about when and how the data loss occurred, how many employees were affected and any other information you think the IRS should know. You should not attach any information about the employees who were affected.
Protect Yourself and Your Employees from the Employer W2 Scam
The Employer W2 Scam is back – and only you can protect yourself. Educate your employees. Work with a Las Vegas accounting firm to safeguard your data. And if you are victimized, contact the IRS immediately. For more information on tax fraud and how to protect yourself, contact us at 702-870-7999 today!