- Office of Consumer Affairs and Business Regulation
Tax season is here. Unfortunately, this also means tax season scams are here and we’ve got the proof. Our office has received several data security breach notifications since the start of 2017 from companies that have fallen victim to the Form W-2 scam.
How does this scam work? Scammers either hack into email accounts or create email accounts that look very similar to that of a senior executive within the targeted company. They then email an employee, typically within the human resources or payroll departments, with a request for employee W-2 information. The employee, believing they are following the boss’ orders, sends the information, unknowingly giving the thief personal information, including social security numbers of everyone on the payroll.
Companies large and small are targeted by this scam but employers and employees can take steps to protect themselves:
- Review emails asking for W-2 information very carefully. Look at the email address, confirm the spelling of the requestor’s name, and even compare it to other emails from the same individual. If something looks off, be suspicious.
- Verify the authenticity of any email request for IRS Form W-2 information. Check the requestor is, in fact, asking for the information by emailing them. Remember to open a new email. If you reply to the email you received you will be communicating with the scammer. Better yet, call your coworker who is requesting the information. Your employer will be glad you did.
- Never open a link in an unverified email. It could contain malware.
- Consider instituting office protocol. Inform your employees as to who from management would request this information, who it would sent to, and what steps should be taken to verify.
- Report any unverified emails immediately to your IT professionals and notify the IRS.
For more information on tax-related phishing schemes, please see this recent consumer alert from the IRS.
