Fraudulent requests that appear to be from a company executive requesting personal information for your employees are a popular scam around W2 time each year.
What You Need To Know
A phishing email may say something like, “I am performing an analysis on compensation and I need copies of our W2’s for last year.” These emails almost always look legitimate because the cybercriminals are very good at what they do, and busy payroll professionals at year end often fall for the authentic-looking requests for W2 files without verifying that the email is genuine. Once the criminals gain access to your employees’ data, they file fraudulent tax returns.
If you receive an email request for W2 information, do not reply until you contact the party in person or by telephone to confirm that they actually sent the email. Even a busy CEO will thank you for double checking because he or she does not want to see the company name on the news because of a data breach.
Forward any W2 scam emails that you might receive to firstname.lastname@example.org.
In a worst case scenario where you do suffer a W2 data loss, send an email to email@example.com. Type W2 Data Loss in the subject line so that your email will be routed to the correct area. Do not include any employee personally identifiable information in your email to the IRS, but be sure to include your contact information -- name, address, email, and phone. You must also notify your state and local tax agencies. And you will also have to inform your employees immediately.
For more information on protecting against W2 scams, go to www.irs.gov/identity-theft-fraud-scams and see the Businesses section.