It is that time of year when companies are scrambling to get out W-2 information. January 31st was the deadline to send these forms to employees. Those running tax scams are savvy or they wouldn’t be successful.
That is why it’s not a huge surprise to see a warning from the IRS about the second round of the W-2 scam. We described the basics of how it works in our April 2016 blog post. This post will share some tips for avoiding disclosing sensitive information to the wrong people.
Payroll and human resources staff are the targets of these emails. During this busy season, these criminals rely on you to skim emails and rush to answer manager or executive questions.
Spoofing emails will contain the real name of an executive, such as an CFO or CEO at a medium- or large-size company. Information requested may be:
- Individual W-2s and earning summaries for a quick review
- An updated list of company employees including name, social security number, date of birth and home address
- W-2 copies of employee wages and tax statement for 2016
The requests may ask for the information in pdf format and will often include some urgency – “email them to me asap.”
Whenever you get this type of request, follow up with a manager and ask questions. The person who the email claims to be from is probably not just down the hall. That is what the scammers count on. Take the time to verify that any emails requesting sensitive employee information are legitimate.
If your company is affected by this type of phishing scam report it to the IRS.