The Pennsylvania Department of Revenue and the Internal Revenue Service are warning all employers about an email phishing scam that is expanding from the corporate world to public schools and nonprofits.
“This large-scale theft can give criminals sensitive financial information about employees that can be used to commit various crimes, including tax identity theft by filing a fraudulent tax return in the name of a victim,” Secretary of Revenue Eileen McNulty said.
Cybercriminals disguise an email to appear as if the message is from an organization executive. The email is sent to payroll or human-resources employees, requesting a W-2 form for each employee in the organization, according to a news release from the Department of Revenue.
“We encourage all employers to be on guard and to warn payroll and human-resources employees about the scam,” McNulty said.
The scam first appeared last year and, according to the IRS, has expanded this year to more employers, including public schools, chain restaurants, temporary staffing agencies, health care and shipping and freight companies.
The scammers sometimes follow up with a fake “executive” email to the organization’s payroll or comptroller staff, asking them to wire transfer to a certain account. The IRS reports that some companies have given the cybercriminals both their employees’ confidential tax information from the W-2s and thousands of dollars due to wire transfers.
Department of Revenue officials said the W-2 scam is just one of several email phishing or phone scams that try to trick employers and taxpayers into giving out sensitive financial information.
According to the IRS, taxpayers and tax preparers should be leery of using search engines to find technical help with taxes or tax software. Selecting the wrong “tech support” link could lead to a loss of data or an infected computer. Also, software “tech support” will not call users randomly.
Employers victimized by this scam should immediately report the W-2 thefts to both the Department of Revenue and IRS. The agencies will immediately take steps to try to help protect employees against tax-related identity theft.
Additionally, organizations receiving a W-2 scam email should forward it to both the Department of Revenue at [email protected] and the IRS at [email protected] and place “W2 Scam” in the subject line.