February 20, 2017 – Earlier this month, the Internal Revenue Service (IRS) published a warning about Form W-2 phishing scams that businesses and organizations could be facing in 2017. These scams were once limited to the corporate world, but are now targeting school districts, tribal organizations, and nonprofits.

Phishing refers to a general trend of cybercriminal activity in which emails are sent out from seemingly reputable sources, requiring some degree of private or personal information from the victim.

The Form W-2 phishing scam usually appears as though it is coming from an organization’s executive officer, and is sent to an organization’s payroll or HR department requesting the names of all the organization’s employees and their W-2 forms. Once cybercriminals have this data, they are able to commit any manner of identity-theft and tax-related crimes.

In addition, cybercriminals are pairing the Form W-2 scam with an older scam requesting that organizations wire transfer funds to the criminal. Organizations that fail to recognize the Form W-2 scam are more likely to be victimized twice.

For more information, please visit the IRS website here: https://www.irs.gov/uac/dangerous-w-2-phishing-scam-evolving-targeting-schools-restaurants-hospitals-tribal-groups-and-others

Smith Marion & Company would like everyone to be aware of these phishing scams, and would like to help keep our businesses and organizations safe from cybercriminal activity.