IR-2017-130, August 15, 2017 Español
WASHINGTON – The IRS, state tax agencies and the tax industry today urged tax professionals and businesses to beware of a recent increase in email scams targeting employee Forms W-2.
The W-2 scam – called a business email compromise or BEC – is one of the most dangerous phishing email schemes trending nationwide from a tax administration perspective. The IRS saw a sharp increase in the number of incidents and victims during the 2017 filing season.
Increasing awareness about business email compromises is part of the “Don't Take the Bait” campaign, a 10-part series aimed at tax professionals. The IRS, state tax agencies and the tax industry, working together as the Security Summit, urge practitioners to learn to protect themselves and their clients from BEC scams. This is part of the ongoing Protect Your Clients; Protect Yourself effort.
A business email compromise occurs when a cybercriminal is able to “spoof” or impersonate a company or organization executive's email address and target a payroll, financial or human resources employee with a request. For example, fraudsters will try to trick an employee to transfer funds into a specified account or request a list of all employees and their Forms W-2.
“These are incredibly tricky schemes that can be devastating to a tax professional or business,” said IRS Commissioner John Koskinen. “Cybercriminals target people with access to sensitive information, and they cleverly disguise their effort through an official-looking email request.”