W2 Inquiries

Fraudulent W2 Inquiries to HR Departments Leave Company Data Exposed

The IRS issued a warning on January 25, 2017, about a resurgence of a dangerous email phishing scam built around fraudulent W-2 inquiries. The scam is designed to trick Human Resources and payroll departments into disclosing sensitive employee information.

🚨 What to Watch For in W2 Inquiries Scams

Cybercriminals impersonate C-level executives and request employee data under the guise of legitimate W2 Inquiries. These emails often use urgent language and ask for:

  • Employee names
  • Social Security Numbers
  • Dates of birth
  • Home addresses
  • Salary details
  • W-2 forms in PDF format

Common phishing email phrases include:

  • “Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2s of our company staff for a quick review.”
  • “Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary)?”
  • “I want you to send me the list of the W-2 copy of the employee’s wage and tax statement for 2016. I need them in a PDF file; you can send it as an attachment. Kindly prepare the lists and email them to me asap.”
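A mail-screening check for the requests described above, as an added example that is not part of the original article. The company domain, the executive names, the sample messages and the idea that impersonation shows up as an executive display name on an outside address or a mismatched Reply-To are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example; replace with your own directory data.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"pat morgan", "alex rivera"}

# Terms drawn from the data items and sample phrases listed in the article.
W2_TERMS = re.compile(
    r"\bw-?2s?\b|social security number|date of birth|home address|"
    r"wage and tax statement|earnings summary|\bsalary\b", re.I)
URGENCY = re.compile(r"\basap\b|\bquick review\b|\bkindly\b|\burgent\b", re.I)

# Constructed sample messages (not real mail).
SAMPLE_SPOOF = (
    "From: Pat Morgan <pat.morgan@example.net>\n"
    "Reply-To: ceo.office@example.org\n"
    "To: payroll@example.com\nSubject: 2016 W-2\n\n"
    "Kindly send me the individual 2016 W-2 (PDF) and earnings summary "
    "of all W-2s of our company staff for a quick review.\n")
SAMPLE_BENIGN = (
    "From: Alex Rivera <alex.rivera@example.com>\n"
    "To: payroll@example.com\nSubject: Lunch schedule\n\n"
    "Team lunch moves to Thursday.\n")

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def screen(raw_message):
    """Return (hold, reasons); hold=True routes the mail to phone verification."""
    msg = message_from_string(raw_message)
    display_name = parseaddr(msg.get("From", ""))[0].strip().lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    reasons = []
    asks_for_w2 = bool(W2_TERMS.search(text))
    if asks_for_w2:
        reasons.append("requests W-2 or employee PII")
    if URGENCY.search(text):
        reasons.append("urgent language")
    if display_name in EXECUTIVES and domain_of(msg.get("From")) != COMPANY_DOMAIN:
        reasons.append("executive name on external address")
    if msg.get("Reply-To") and domain_of(msg["Reply-To"]) != domain_of(msg.get("From")):
        reasons.append("Reply-To domain differs from From")
    # Every W-2 request is held, even from an internal address; other signals add context.
    return asks_for_w2, reasons
```

Because any W-2 request is held regardless of sender, a message from a genuine internal executive address still goes through the phone check rather than being released on the strength of its headers.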

🔓 What Happens When W2 Inquiries Are Compromised

  • Fraudulent Tax Returns: Stolen W-2 data is used to file fake tax returns and claim refunds.
  • Identity Theft: Leaked Social Security Numbers can lead to long-term identity theft issues.
  • Black Market Sales: Cybercriminals often sell this data, increasing the damage and their profits.

🛡️ How to Stay Safe During W2 Inquiries

  • Verify Requests: Always confirm the authenticity of W2 Inquiries by contacting the requester directly via phone.
  • Secure Data Transmission: Never send sensitive data in plain text. Use encrypted platforms like Microsoft’s Enterprise Mobility + Security suite for secure sharing.
  • Implement Internal Safeguards:
    • Require dual verification before releasing W-2 information.
    • Train staff to recognize phishing attempts.
    • Use phishing simulation tools like the Attack Simulator for Office 365, which mimics real-world threats to improve awareness.
    • Maintain robust backup and disaster recovery systems to ensure business continuity.

🧠 Final Thoughts

Anti-virus and anti-malware tools alone are not enough. Organizations must treat W2 Inquiries as high-risk transactions and enforce strict protocols to prevent data breaches. By staying vigilant and proactive, you can protect your employees and your business from the devastating consequences of phishing scams.
