Topel Forman News

Today’s Fraud Topic (February 8, 2018)

Watch out for W-2 phishing scams

A growing number of businesses have been victimized by W-2 phishing scams. These frauds are a variation on traditional phishing scams, where criminals trick email users into providing confidential information, and then use that information to steal money or the victim’s identity.

How it works

In a W-2 phishing scam, cybercriminals, claiming to be from a company’s management, send emails to employees — typically in payroll, benefits or human resources departments. The emails request a list of employees along with their W-2 forms, Social Security numbers or other confidential data.

At first glance, the emails may look legitimate because scammers use techniques known as business email compromise or business email spoofing. Many contain the company’s logo and the name of actual executives that the thieves have obtained online. The messages use language such as “Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”

If the employee responds to the phishing email, criminals can use this information to file fraudulent tax returns in the employees’ names. The ultimate objective is to claim their refunds.

Education is key

Recently, the IRS released an alert urging employers to educate payroll and other employees about the dangers of W-2 phishing scams. Be sure to inform all workers, particularly those in areas that handle sensitive data, about the scams. Remind them not to click on links or download attachments from emails that are unsolicited, sent from addresses they don’t recognize or that seem in any way suspicious.

Employees often are nervous about questioning a request that appears to come from upper management. So encourage them to double-check any email request for sensitive information, no matter who appears to be making it. They should do this not by responding to the email in question, but by talking with a supervisor or colleague.

Don’t fall victim

Technology has a role to play as well. Install robust antivirus and spam filters and keep them updated.

With sensible precautions, your business can reduce the risk of falling victim to W-2 phishing scams. But if your company does fall victim, report the attack as soon as possible to dataloss@irs.govContact us for more information.

 

© 2018

About Topel Forman

What makes our firm special

Contact Us

Reach out to Topel Forman

Services

Learn what we have to offer

Related News Posts

Topel Forman Welcomes Four New Partners

Topel Forman Welcomes Four New Partners

Topel Forman is thrilled to announce the promotion of four accomplished professionals to its partner group, bringing the total to 16 partners as of January 1, 2025. This significant milestone underscores the firm’s commitment to excellence, leadership, and the growth of its team.

read more
Tax Alert: President Biden Signs Federal Disaster Tax Relief Act of 2023

Tax Alert: President Biden Signs Federal Disaster Tax Relief Act of 2023

On December 12, 2024, President Biden signed into law the Federal Disaster Tax Relief Act of 2023 (H.R. 5863), providing tax relief for victims of various federally declared disasters. This legislation offers benefits to individuals and businesses affected by natural disasters, wildfires, and the East Palestine, Ohio train derailment.

read more