As the tax season looms, the Internal Revenue Service is warning employers to be on the lookout for an evolved W-2 email phishing scam that is targeting companies as well as school districts, tribal organizations and nonprofits.

The W-2, the U.S. federal tax form that employers send to employees and the IRS,  reports not only annual wages and taxes withheld, but also a range of personal information, including employees’ taxpayer identification number.

First spotted in the wild by researchers at the University of California at Berkeley in late January, the new phishing scheme combines elements of previous W-2 scams with wire fraud. Hackers send an email that appears to have come from another person in the same organization, a process often referred to as spear phishing or business email spoofing, asking that the employer provide a list of all employees and their W-2 forms.

Having obtained the information, the hacker then sends a new email pretending to be the same executive as before, asking the payroll employee to process a wire transfer into a certain account. While the wire transfer is not tax-related, this scam coupled with the W-2 scam email has resulted in some companies losing both their employees’ W-2 details and thousands of dollars as well. Hackers also can potentially use the information from the W-2 forms to file fraudulent returns to obtain tax refunds that were intended for employees.

“The IRS, states and tax industry urge all employers to share information with their payroll, finance and human resources employees about this W-2 and wire transfer scam,” the IRS wrote in a warning memo. “Employers should consider creating an internal policy, if one is lacking, on the distribution of employee W-2 information and conducting wire transfers.”

Organizations that receive a W-2 scam email are being encouraged to forward the email to phishing@irs.gov with “W2 Scam” in the subject line.

Image: NYPhotographic/Bluediamond/CC BY-SA 3.0