The internal revenue service is warning businesses and non-profit organizations alike to beware of a W-2 phishing scam that seems to be expanding its target list this year. This scam has already claimed at least one victim in Wyoming.
Here’s how the scam works:
Cyber criminals will use various techniques to disguise an email to make it appear as if it is from your organization’s executive. That email is then sent to employees in your organization’s payroll or HR departments, requesting a list of all employees and a copy of their most recent W-2 Form.
There were more than 145 organizations that fell prey to this scam in the US in 2016.
Alert your employees to look at the header on the email. If it came from outside your system.
Make certain you’ve informed all of your employees of this scam and encourage them to speak up and ask questions when they receive a request for confidential information, regardless of who it appears to be from. We recommend that all email requests for W-2’s require a phone call verification of the request before releasing such information. (IE – Call the executive and verbally verify that they are requesting the information.)
Finally, if this happens to your school is hit by a W-2 scam, file a complaint with the Internet Crime Complaint Center operated by the Federal Bureau of Investigation. Also, visit identitytheft.gov or www.irs.gov/identitytheft to file the identity theft affidavit.
Specific questions? Email Rachel Dobbs.
The information provided herein presents general information and should not be relied on as insurance advice when analyzing and resolving a specific issue. If you have specific questions regarding a particular fact situation, please consult with competent insurance brokers and/or legal counsel about the facts and laws that apply.