Form W-2 Scams Targeting HR and Payroll Resurface, IRS Warns

Author: Rena Pirsos, XpertHR Legal Editor

January 30, 2017

The IRS has issued a warning to HR and payroll professionals about an email scam that falsely uses the name of an actual corporate officer within their own organization to request employees' Forms W-2 containing their personal identifying information, including names, Social Security numbers (SSNs) and income information.

The scam, which emerged at this time of year in 2016, has resurfaced across the US now that payroll departments are busy filing the tax year 2016 W-2s with the Social Security Administration, and providing copies to each employee, by the January 31 due date. HR and payroll professionals are strongly urged to double check any executive-level or unusual requests for lists of Forms W-2 or SSNs, and to report any suspicious emails and online scams.

Individuals receiving an annual Form W-2 must include the information from the form when filing their personal income tax returns in the Spring. The cyber criminals who obtain this identifying information use it to file fraudulent tax returns to obtain tax refunds.

The IRS explains that in this phishing scam, known as a "spoofing" e-mail, the "CEO" sends an email to a company payroll office or HR employee and requests a list of employees and related information, including SSNs. The following are some of the detailed requests that may be contained in the emails:

  • "Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review."
  • "Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary)?"
  • "I want you to send me the list of W-2 copy of employees' wage and tax statements for 2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap."

Although the IRS, state taxing agencies and the tax industry have made progress in the fight against tax-related identity theft (working together in a Security Summit), the group has found that cyber criminals are using increasingly sophisticated tactics to try to steal even more data than ever, which allows them to more easily impersonate taxpayers.

One initiative in this regard is the introduction, starting with the tax year 2016 W-2s filed in 2017, of a new coding system that matches up W-2 forms with individual income tax returns filed so that fraudulent returns can be flagged before refunds are issued.

To assist with this initiative, employers may be asked to respond to more IRS and/or state taxing agency income-verification requests than previously. Employers should be prepared to cooperate by providing the requested information on discs in the SSA's RW record format.

The Security Summit supports a national taxpayer awareness campaign called Taxes. Security. Together., and a national tax professional awareness effort called Protect Your Clients; Protect Yourself. These campaigns offer simple tips that can help employers make their data more secure.