W-2 phishing scam targets tax records

The Form W-2 phishing email is back. A wildly successful scam last tax season, it has been used by fraudsters to trick thousands of people into giving them information found on Form W-2: names, addresses, Social Security numbers, and bank account information.

This year the scam has evolved to also include CEO fraud. Scammers are impersonating high-level employees and emailing human resources departments to get hold of employee tax records on a much greater scale. With those records, the scammers can file fraudulent tax claims on behalf of the taxpayer and receive thousands of dollars.

Who it targets

When the scam first appeared, it focused on for-profit companies – affecting at least 145 organizations – but there has been no such prejudice this year. First they came for the drywall manufacturers, then they came for the minor league baseball teams, and now they’re coming for schools and nursing homes.

Recent attacks on employees at a nursing home in Indianapolis and high schools in Bloomington, MN, and Trenton, MO, have coincided with the IRS issuing an “urgent alert” for all organizations. The IRS has also considered delaying refunds for tax claims – which could see as many as 40 million low-income families without refund checks, Earned Income Tax Credit (EITC), or child tax credits.

How it works

The scam operates on a much larger scale than the original phishing email. The scammer, passing themselves off as a high-level employee, contacts the payroll or human resources department and asks them to forward the Forms W-2 of their employees.

These forms contain almost all the data needed to file a false tax refund claim, including employer name, employer ID, address, taxpayer address, Social Security number, and information about the past year’s wages and taxes withheld.

In some cases, Forbes reports, the scammer doubles down on the identity theft and sends the HR department another email. In this one, they request that funds be transferred by wire to a certain bank account to cover payroll or other bills.

Learn how to protect against phishing attacks

Identity theft happens every tax season, and hundreds of thousands of Americans find themselves victims. The scams often begin with phishing emails, with scammers relying on people handing over information they shouldn’t.

Learning how to spot phishing emails is the only true defense against them. You can teach your staff how to recognize a phishing attack with our Phishing Staff Awareness e-learning course. With real-life examples, tips, and best practices, the course raises awareness about email-based attacks and social engineering threats.
