United States

Employers beware: Cybercriminals scheme to get employee W-2 information


A new scheme has tricked several well-known companies into unknowingly placing employee Form W-2 information directly into the hands of cybercriminals who quickly file fraudulent tax returns claiming refunds or sells the information on the ‘dark Web.'

The scheme uses an authentic-looking email sent to a company's human resources or payroll department that appears to be from a company executive requesting a copy of Forms W-2 for all employees. When the department replies to the request with the Forms W-2, the email is redirected to the scammer's website. Here, the Form W-2 information may be sold to other cybercriminals who open credit applications or bank accounts with the information or who file federal and state income tax returns showing the data from the Forms W-2s and claim a refund.

Because real data has been provided, the refund returns may escape other IRS or state filters and refunds may be paid.

Prevention is the best medicine to cure this ill. All departments with access to sensitive employee information (such as the human resources or payroll departments) should be made aware of this scheme, and procedures should be developed to prevent a response without confirmation from the requester.

If a data breach occurs, employers should advise employees on tax and data protection based on the IRS's Taxpayer Guide to Identity Theft. The Social Security Administration recommends that each employee creates a My Social Security account to monitor benefit activity.

Patti Burquest


Patti has extensive experience handling IRS examination and appeals matters for all types of business. Reach her at patti.burquest@rsmus.com.

Areas of focus: Tax ControversyWashington National Tax