IRS Warns Employers About Form W-2 Scam Targeting Payroll and Human Resources Departments
The Internal Revenue Service (IRS) renewed a warning to employers about an email identity-theft scheme that uses the name of senior company officials to request sensitive employee information (such as Forms W-2) from payroll or human resources departments. (IRS News Release IR-2017-10, Jan. 25, 2017)
This Form W-2 scam occurred last year, and the IRS issued a similar alert on March 1, 2016 (IR-2016-34). Perpetrators reportedly tricked payroll and human resource employees into disclosing employee names, Social Security numbers (SSNs) and income information, and then filed fraudulent tax returns to try to obtain tax refunds. The IRS has received new notifications that the email scam is being used again in 2017.
The IRS news release notes that a “spoofing” e-mail will typically contain the actual name of a company official, such as the president or chief executive officer. Perpetrators send an email that appears to be from the executive’s company email address to the company’s payroll or human resources department, and requests information such as the following:
- “Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”
- “Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).”
- “I want you to send me the list of W-2 copy of employees’ wage and tax statement for 2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.”
The IRS urges payroll and human resources professionals to verify any executive-level or unusual requests for lists of Forms W-2, Social Security numbers or similar personal identification information. For example, such requests could be referred to management, and/or ultimately a phone call to the executive or their support staff to validate the need for sensitive information.
The IRS also issued News Release IR-2017-20 on February 2, 2017, to emphasize that these scams are also targeting schools, nonprofits and other organizations, and that the fraudulent emails may also ask that funds be wired to a certain account. The IRS suggests that “organizations receiving a Form W-2 scam email should forward it to email@example.com and place “W2 Scam” in the subject line.” Additionally, organizations that receive fraudulent email should file a complaint with the Internet Crime Complaint Center operated by the Federal Bureau of Investigation. For additional information and IRS suggestions on ways to protect sensitive information, see Publication 4524, Security Awareness for Taxpayers.
ADP Compliance Resources
ADP maintains a staff of dedicated professionals who carefully monitor federal and state legislative and regulatory measures affecting employment-related human resource, payroll, tax and benefits administration, and help ensure that ADP systems are updated as relevant laws evolve. For the latest on how federal and state tax law changes may impact your business, visit the ADP Eye on Washington Web page located at www.adp.com/regulatorynews.
ADP is committed to assisting businesses with increased compliance requirements resulting from rapidly evolving legislation. Our goal is to help minimize your administrative burden across the entire spectrum of employment-related payroll, tax, HR and benefits, so that you can focus on running your business. This information is provided as a courtesy to assist in your understanding of the impact of certain regulatory requirements and should not be construed as tax or legal advice. Such information is by nature subject to revision and may not be the most current information available. ADP encourages readers to consult with appropriate legal and/or tax advisors. Please be advised that calls to and from ADP may be monitored or recorded.
If you have any questions regarding our services, please call 855-466-0790.
One ADP Boulevard,
Roseland, NJ 07068
Updated on February 6, 2017
Download a PDF version of this article here.