IRS Warns of Phishing Scheme Involving W-2s

WASHINGTON, DC (March 7, 2016) – The IRS recently issued a statement to payroll and human resource professionals warning about new phishing attacks aimed at obtaining employees’ social security numbers. The phishing e-mails, which ask for employee records and W-2 details, are doctored to appear as if they are from the company’s CEO.

While this has occurred in previous years, the IRS noted a 400% increase in phishing and malware related attacks this tax season. Additionally as attacks have become more frequent they also have become more sophisticated. Employees at companies handling employee sensitive information are often the last line in defense against schemes similar to this.

“The IRS has learned this scheme — part of the surge in phishing emails seen this year — already has claimed several victims as payroll and human resources offices mistakenly email payroll data including Forms W-2 that contain Social Security numbers and other personally identifiable information to cybercriminals posing as company executives.”

The full alert from the IRS is available here.