Resource center

IRS bulletin on tax fraud: Email phishing combines W-2 theft and wire fraud


The Internal Revenue Service has issued an advisory bulletin to all tax professionals, employers, and other tax payers about tax form related phishing campaigns, including several new variations that combine W-2 scams with business email compromise (BEC) and wire transfer fraud. IRS’s Online Fraud Detection & Prevention (OFDP) office — which manages — observed a significant increase in reports of W-2 related scams from more than 100 in 2016 to approximately 900 reports in 2017, an 800% increase.

That's why the Internal Revenue Service is urging everyone to be on guard against the return of the Form W-2 phishing scam that last year made victims of hundreds of organizations and thousands of employees.

The bulletin will provide you with the following information:

  • How the fraud works
  • How to prevent it
  • What to do if you think you are a victim

How it works:

Cybercriminals use various spoofing techniques in attempts to contact an employee in the payroll or human resources departments, requesting a list of all employees and copies of their Form W-2. Such techniques include disguising an email to make it appear as if it is from an organization executive or even compromising the email account itself gain legitimacy.

In the latest twist, the cybercriminal follows up with an “executive” email to the payroll or comptroller and asks that a wire transfer also be made to a certain account. This scam is sometimes referred to as business email compromise (BEC). In one case, an administrator account was phished and the email was used to contact the company’s president requesting W-2s. Although not independently tax related, the wire transfer scam is being coupled with the W-2 scam email. Some companies have lost both employees' W-2s and thousands of dollars due to wire transfers. The W-2 scam is just one of several new variations to appear in the past year that focus on the large-scale thefts of sensitive tax information from tax preparers, businesses and payroll companies. Individual taxpayers also can be targets of phishing scams, but cybercriminals seem to have evolved their tactics to focus on mass data thefts.

How to prevent:

The key to reducing the risk from W-2 phishing scams and BEC is to understand the criminals’ techniques and deploy effective mitigation processes. There are various methods to reduce the risk of falling victim to this scam and subsequently disclosing sensitive information or executing a fraudulent wire transfer. Some of these methods include:

Employers should educate their payroll personnel on the techniques used by fraudsters so that payroll staff can effectively evaluate if an email is a legitimate request from a company executive.

The IRS urges employers to consider creating a policy to limit the number of employees who have authority to handle Form W-2 requests.

Companies also should require additional verification procedures to validate the actual request before emailing sensitive data such as employee Form W-2s. Require dual-approval for wire transfer requests.

What do to if you think you are a victim:

Contact SVB Private immediately upon concern you may be a victim. Working with your Private Banker, our fraud team will guide you through the necessary steps to secure your account.

If your business received a BEC/BES W2 email, please forward the email to the IRS,

If notified quickly after the loss, the IRS may be able to take steps that help protect your employees from tax-related identity theft. Email to notify the IRS of a W-2 data loss and provide your contact information

File a complaint with the Internet Crime Complaint Center (IC3,) operated by the Federal Bureau of Investigation.