KPM

Search
Menu
Contact Us
Search
PAY NOW
KPM_LOGO
PAY NOW
Menu
  • Articles, Fraud
Quantifying Fraud Loss Charity Scams Employee Fraud Fraud Loss In Multiple Locations Early Revenue Recognition Liquidity Overload Keep Fraud Out Of Your Restaurant Guarding Against Fraud with Gen AI Lifestyle Analysis To Investigate Fraud Fraud prevention FinCEN Beneficial Owner Scam Vendor Fraud Residual Risk Antifraud Tax-Avoidance Scams Remote work Social Engineering in ACH/Wire Transfers Fraud risk Money Laundering Fraud FTC Accounts Receivable Phoenix Companies

Watch Out for W-2 Phishing Scams

A growing number of businesses have been victimized by W-2 phishing scams. These frauds are a variation on traditional phishing scams, where criminals trick email users into providing confidential information, and then use that information to steal money or the victim’s identity.

How it works

In a W-2 phishing scam, cybercriminals, claiming to be from a company’s management, send emails to employees — typically in payroll, benefits, or human resources departments. The emails request a list of employees along with their W-2 forms, Social Security numbers, or other confidential data.

At first glance, the emails may look legitimate because scammers use techniques known as business email compromise or business email spoofing. Many contain the company’s logo and the name of actual executives that the thieves have obtained online. The messages use language such as, “Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”

If the employee responds to the phishing email, criminals can use this information to file fraudulent tax returns in the employees’ names. The ultimate objective is to claim their refunds.

Education is key

Recently, the IRS released an alert urging employers to educate payroll and other employees about the dangers of W-2 phishing scams. Be sure to inform all workers, particularly those in areas that handle sensitive data, about the scams. Remind them not to click on links or download attachments from emails that are unsolicited, sent from addresses they do not recognize, or that seem in any way suspicious.

Employees often are nervous about questioning a request that appears to come from upper management. So, encourage them to double-check any email request for sensitive information, no matter who appears to be making it. They should do this not by responding to the email in question, but by talking with a supervisor or colleague.

Do not fall victim

Technology has a role to play as well. Install robust antivirus and spam filters and keep them updated.

With sensible precautions, your business can reduce the risk of falling victim to W-2 phishing scams. But if your company does fall victim, report the attack as soon as possible to the IRS. Contact us for more information.

Related Articles

Valuation

Assessing Loss: Profit Loss Vs. Diminished Organization Value

Employer

IRS Guidelines: Tax-Advantaged Accounts Limited To Medical Expenses For Employers

Assurance

Strategies For Effective Inventory Management

Talk with the pros

Our CPAs and advisors are a great resource if you’re ready to learn even more.

Contact us