Dive Brief:
- The IRS is warning HR departments and payroll that W-2 scams have returned, according to an agency statement published by NBC Montana. Cyber thieves use emails to trick HR and payroll departments into releasing W-2s, giving them access to employees' names, social security numbers and financial data. The criminals use the data to file fake tax returns.
- The phishing scam is known as "spoofing" email. Cyber thieves get a hold of the names of several CEOs, to whom they send the emails requesting W-2 information.
- The W-2 scam first surfaced in 2016 and can affect any organization in the U.S., according to the statement.
Dive Insight:
The IRS warns HR and payroll staff to look out for emails addressed to company heads or that ask for unusual types of information. All emails that appear unusual or suspicious should be flagged.
One notable attack occurred March 2016, when data storage company Seagate accidentally released thousands of customers' W-2 and tax data as a result of an advanced phishing scam.
To protect employees' personal data at all costs, employers might have to put in extra security measures to lower the risk of cybertheft.
