Skip to content

Scammers Target Workers' W-2 Forms

IRS warns of fake emails supposedly from company executives seeking employee data

New phishing scam targets financial advisers

Getty Images

Be cautious of emails coming into your inbox or it could cost you.

The Internal Revenue Service has warned tax professionals and businesses of email scams involving fraudsters who pose as company executives to gain access to employee payroll records.

Known as W-2 or BEC (business email compromise) attacks, the scams involve phishing, which happens when swindlers send emails that appear to come from a legitimate source to get the personal data that then lets them steal money. In this case, the phishing letters are sent to a company’s finance, payroll or human resources department or outside tax-preparation firms requesting employee W-2 forms that offer access to private information such as Social Security numbers and home addresses. This prized information — often resold to other cybercriminals — can be used to fraudulently file someone’s tax returns and request refunds in their name.

The BEC emails look like they’re coming from actual company executives and sometimes even contain personal details gathered from social media that elicit trust by referring to vacations or social events.

The IRS first issued a W-2 scam warning during the 2016 tax filing season, when about 50 businesses, schools and nonprofits were victimized. So far this year, 200 businesses and other organizations have been hit, and information stolen on hundreds of thousands of people.

The ruse has hit Silicon Valley technology firms, including Snapchat, Sunrun and Seagate Technology, as well as cyber security contractors, such as Defense Point Security. Mainstream firms have also been targeted, including Indianapolis-based Scotty’s Brewhouse, where a scammer posing as company founder Scott Wise tricked the company’s payroll manager into emailing W-2 data for 4,000 employees at 19 restaurants in four states.

“These are incredibly tricky schemes that can be devastating,’’ said IRS Commissioner John Koskinen. “Cybercriminals target people with access to sensitive information, and they cleverly disguise their effort through an official-looking email request.”

Federal authorities have identified only one recent suspect in a W-2 related case. Daniel Adekunle Ojo, a Nigerian national living in North Carolina on an expired visa, was arrested this month and charged with fraud and identity theft for allegedly seeking W-2 information about 1,600 Glastonbury, Conn., public school employees. More than 100 tax forms seeking nearly $600,000 in tax refunds using the Glastonbury victims' information were filed electronically with the IRS.  

Have a phishing scam or loss to report? Contact the IRS.