Taxpayer Tips: IRS, Maryland Comptroller Warn Employers to Be Wary of W-2 Scams

Start of new tax season could bring surge in phishing scheme

ANNAPOLIS, Md. - With the 2018 tax season starting January 29, the Internal Revenue Service, Maryland Comptroller Peter Franchot and tax industry leaders urge employers to educate their payroll staff about Form W-2 phishing scams. These schemes try to trick payroll personnel into disclosing sensitive information at small and large businesses, public schools and universities, hospitals, tribal governments and charities.

“These cybercriminals will try anything to access taxpayers’ personal and financial information,” said Comptroller Peter Franchot. “Bogus emails, fraudulent identities and persuasive claims are all in their bag of tricks. That’s why my team is laser-focused on stopping and holding accountable scammers who attempt to take advantage of law-abiding Maryland taxpayers.”

In 2017, the Maryland Comptroller’s office blocked suspicious tax returns from 95 tax preparation businesses at 113 locations throughout the state. Since taking office in 2007, Comptroller Franchot’s nationally renowned Questionable Returns Detection Team has identified and blocked more than 88,000 fraudulent returns and intercepted and denied $190.2 million worth of fraudulent refunds.

Last year, the IRS said reports to phishing@irs.gov from victims and non-victims about this scam jumped to approximately 900, compared to slightly more than 100 in 2016. More than 200 employers were victimized in 2017, which translated into hundreds of thousands of employees who had their identities compromised.

By alerting employers now, the IRS and its partners in the Security Summit effort hope to reduce the number of victims this year. Last year, the IRS also created a new process to report these scams.

Here’s how the scams work: Cybercriminals identify chief operating officers, school executives or others in authority. Using a technique known as business email compromise or business email spoofing, fraudsters posing as executives send emails to payroll personnel requesting copies of Forms W-2 for all employees. The Form W-2 contains the employee’s name, address, Social Security number, income and withholdings. Criminals use that information to file fraudulent tax returns, or they post it for sale on the Dark Net.

The IRS has established a special email notification address specifically for employers to report Form W-2 data thefts. Email dataloss@irs.gov to notify the IRS of a Form W-2 data loss and use the subject line “W2 Data Loss” so that the email can be routed properly. Do not attach any employee personally identifiable information data. Include your business name, business employer identification number (EIN) associated with the data loss, name, phone number, summary of how the data loss occurred and volume of employees impacted.

Employers can learn more at Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers. Employers also should be aware that cybercriminals’ scams constantly evolve. Finance and payroll personnel should be alert to any unusual requests for employee data.