Close Close
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards

Regulation and Compliance > Federal Regulation > IRS

IRS: Crooks want your clients' W-2s

Your article was successfully shared with the contacts you provided.

Cyber criminals are using emails with forged return addresses to trick payroll and human resources workers into sending them employees’ personal information, officials warn.

Internal Revenue Service (IRS) officials say criminals often “phish” for employees’ W-2 forms and other personal records by using emails that look as if they come from the targeted company’s chief executive officer.

See also: Data security gurus to corporate lawyers: Get to know the FBI

In a typical phishing email, the “CEO” may ask a payroll office employee for a list of employees, and the employees’ Social Security numbers.

One email IRS investigators found asked the recipient to, “Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”

In another email, a phisher wrote, “Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary) as of 2/2/2016.”

The criminals who succeed at getting the employees’ personal information can use it to capture the employees’ tax refunds, by filing fraudulent tax returns, officials say.

The IRS has detected a 400 percent increase in the total number of known incidents involving phishing and malicious software this tax season, officials say.

The wave of phishing could affect insurance producers’ employee benefits clients.

The phishing attacks could also affect individual life and annuity clients, if clients’ employers share their personal information with the wrong people.

The IRS is asking employers, and any business that retains customers’ personal financial data, to use its cybersecurity guide for businesses, Safeguarding Taxpayer Data, as a source of ideas for improving data security efforts.

See also:

How to manage privacy and information security risk

Help your clients prevent tax identity theft


Are you following us on Facebook?


© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.