IRS warns about W-2 identity theft scam (press release)

Scammers are using names of senior officials to phish for employees' SSN's.


The Ukiah Police Department passed along this tip about an identity theft scam targeting payroll and human resource departments of organizations, especially schools and non-profits. Last year, thieves reportedly used the names of senior officials to trick human resources and payroll employees into turning over workers’ social security numbers and other sensitive information. Perpetrators then filed for fraudulent tax returns. The IRS reports that the scammers have started up again this tax season. Below are details of the scam and steps people can take to report it, as well as avoid being taken in by it. This information was shared by the Ukiah Police Department. The Mendo Voice has not independently verified any of the information:

IRS Warns Employers About Form W-2 Scam Targeting Payroll and Human Resources Departments

The Internal Revenue Service (IRS) renewed a warning to employers about an email identity-theft scheme that uses the name of senior company officials to request sensitive employee information (such as Forms W-2) from payroll or human resources departments. (IRS News Release IR-2017-10, Jan. 25, 2017)

This Form W-2 scam occurred last year, and the IRS issued a similar alert on March 1, 2016 (IR-2016-34). Perpetrators reportedly tricked payroll and human resource employees into disclosing employee names, Social Security numbers (SSNs) and other information, and then filed fraudulent tax returns to try to obtain tax refunds. The IRS has received new notifications that the email scam is being used again in 2017.

The IRS news release notes that a “spoofing” e-mail will typically contain the actual name of a company official, such as the president or chief executive officer. Perpetrators send an email that appears to be from the executive’s company email address to the company’s payroll or human resources department, and requests information such as the following:

“Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”

“Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).”

“I want you to send me the list of W-2 copy of employees’ wage and tax statement for 2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.”

The IRS urges payroll and human resources professionals to verify any executive-level or unusual requests for lists of Forms W-2, Social Security numbers or similar personal identification information. For example, such requests could be referred to management, and/or ultimately a phone call to the executive or their support staff to validate the need for sensitive information.

The IRS also issued News Release IR-2017-20 on February 2, 2017, to emphasize that these scams are also targeting schools, nonprofits and other organizations, and that the fraudulent emails may also ask that funds be wired to a certain account. The IRS suggests that “organizations receiving a Form W-2 scam email should forward it to [email protected] and place “W2 Scam” in the subject line.” Additionally, organizations that receive fraudulent email should file a complaint with the Internet Crime Complaint Center operated by the Federal Bureau of Investigation. For additional information and IRS suggestions on ways to protect sensitive information, see Publication 4524, Security Awareness for Taxpayers.

Did you enjoy this article? Consider paying a dollar and supporting local independent journalism.