The IRS is warning employers to be on guard “against a growing wave of identity theft and W-2 scams” [IRS Tax Tip 2018-188, 12-6-18]. The IRS also cautioned employers about “an uptick in phishing emails … that involve payroll direct deposit and wire transfer scams” [IRS News Release IR-2018-253, 12-17-18]. Occurrences of the scams will increase as the tax filing season approaches, the IRS warned.
The email from the “employee” asks the payroll or HR staff to change the direct deposit account for payroll purposes. The “employee” provides a new bank account and routing number controlled by the thief.
A Rundown of the Scams
- W-2 scam. Payroll employees are sent emails that appear to be from an executive or organization leader. The message usually starts with a simple greeting, such as: “Hey, you in today?” The emails will eventually ask for sensitive Form W-2 information. Because employees believe they are corresponding with a company executive, it may take weeks for someone to realize a data theft has occurred.
- Direct deposit scam. This scam involves emails that generally impersonate an employee, often an executive, that are sent to payroll or human resources. The email from the “employee” asks the payroll or HR staff to change the direct deposit account for payroll purposes. The “employee” provides a new bank account and routing number controlled by the thief.
- Wire transfer scam. The emails impersonate a company executive and are sent to the company employee responsible for wire transfers. The email requests a wire transfer made to a specific account controlled by the thief.
How to Report Scams
Here is an abbreviated list of how a business should report these scams.
- For victims of the W-2 scam, specific information is available on the IRS’s Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers website.
- Email the Federation of Tax Administrators at StateAlert@taxadmin.org to get information on how to report victim information to the states.
- File a complaint with the FBI’s Internet Crime Complaint Center.
- Forward the scam email to firstname.lastname@example.org.