IRS warning that W-2 Phishing Scheme is evolving to more organizations

This scheme is sometimes referred to as business email compromise, or business email spoofing.

FILE - In this March 22, 2013 file photo, the exterior of the Internal Revenue Service building in Washington. As millions of Americans file their income tax returns, their chances of getting audited by the IRS have rarely been so low. The number of people audited by the IRS last year dropped for the sixth straight year, to just over 1 million. The last time so few people were audited was 2004, when the population was significantly smaller. (AP Photo/Susan Walsh, File)

(WWLP) – An email phishing scheme involving W-2 forms is spreading into more industries.

In February, the IRS, state tax agencies and the tax industry issued an urgent alert that the W-2 email phishing scheme evolved beyond the corporate world and into other sectors, including school districts, tribal organizations, and nonprofits.

The IRS said cyber-criminals use various spoofing techniques to disguise and email to make it appear as if it is from an organization executive. The email is sent to an employee in the payroll or human resources departments, requesting a list of all employees and their W-2 Forms .

This scheme is sometimes referred to as business email compromise, or business email spoofing.

Cyber-criminals are also emailing the payroll or comptroller and asking that a wire transfer also be made to a certain account.

The email scam is circulating earlier in the tax season than last year, and is targeting more organizations including school districts, tribal casinos, chain restaurants, temporary staffing agencies, healthcare and shipping and freight.

The businesses that received the phony emails last year are reportedly receiving it again this year.

IRS Special Agent in Charge Joel Garland said the schemes are surging in New England, especially in Massachusetts and Connecticut.

The schemers are also coupling their efforts to steal employee W-2 information with an older scheme on wire transfers that is affecting organizations nationwide.

IRS Commissioner John Koskinen said this is one of the most dangerous email phishing schemes thev’re seen in a long time. He said it can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns.

When employers report W-2 thefts to the IRS, the agency can take steps to help protect employees from tax-related identity theft.

The IRS, state tax agencies, and the tax industry work together with the Security Summit and have enacted safeguards to identify fraudulent returns. As the Summit partners make progress, cyber-criminals need more data to mimic real tax returns.