The IRS recently provided an update on a growing scam targeting employers.
The scam generally operates as follows: criminals devise methods to create emails that appear as though the message has been sent from an executive or manager. The spoof emails are “sent” from the manager or executive to the organization’s HR or payroll department, and request, citing various reasons, that the recipient reply with copies of the Form W-2s for all employees. The scammers then use the employee’s information from the W-2 to file a tax return and claim a refund as that employee.
Often this scam is not discovered until the real employee later files for his or her refund, which has already been falsely claimed by the scammer. This scam is particularly dangerous as it involves a theft of mass data on large numbers of employees. Further, in a recent twist on the scam, the criminals, posing as a company executive, have even sent email requests that money be wired to the criminal’s account.
Employers can take certain steps to help avoid this scam, and to prevent the false claim of refunds if the employer feels it has already fallen victim to the scam.
- Employers should ensure that all HR, payroll, and finance employees are aware of the scam, as well as any other employee who may have access to employee W-2’s or other identifying information.
- These employees should verify requests for sensitive data, either in person, with a phone call, or by some other means.
The IRS urges employers to report attempted scams by forwarding the spoof email to firstname.lastname@example.org. Employers should also monitor the IRS news releases to stay current on scams and their evolution.
If an organization believes it has fallen victim to this scam, it should immediately report the W-2 theft to the IRS. The IRS can take protective measures to help prevent the scammer from filing a fraudulent tax return and obtaining the employee’s tax refund. The IRS continues to take measures to help identify these fraudulent returns, which includes requiring more identifying data.
Any employees for whom a W-2 or other identifying information was stolen should review the recommended actions at www.irs.gov/identitytheft. If the employee’s tax return is rejected because a scammer has filed a fraudulent return on his or her behalf, the employee should file a Form 14039 Identity Theft Affidavit.