‘Tis the season of scammers trying to gain access to your confidential information, especially those W-2s that you recently received. Be on alert for phishing scams!
Here’s how the typical scam works:
Cybercriminals do their homework identifying CEOs, executives or others in positions of authority. Using a technique known as Business Email Compromise (BEC) or Business Email Spoofing (BES), fraudsters posing as executives send emails to payroll or human resource personnel requesting copies of W-2 forms for employees. They’ve also been known to watch social media sites looking for newer employees who may not question authority.
The initial email may be a friendly “Hi, are you working today?” exchange before the fraudster asks for confidential information (like W-2 forms) or follow up with a request for a wire transfer.
Here’s a few things to keep in mind:
- The IRS does not initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information.
- Your W-2 information is confidential and should not be shared via email.
- Executives are not likely to request a wire transfer via email.
- Don’t click on links. If you do, notify your IT department ASAP.
Businesses and organizations that fall victim to the scam and even those that do not fall victim, but receive a suspect email should send the full email headers to firstname.lastname@example.org and use “W2 scam” in the subject line.
You can learn more about scams and how to report them, visit the IRS site here.