While one should always be vigilant about suspicious emails, this time of the year I recommend an even heightened scrutiny.
It is not uncommon to receive requests this time of the year from employees who have not received or lost their W-2 form, and in the old days, this request came in person. Nowadays, it is not uncommon to receive a request via email that you may fulfill via replying. It certainly cuts down on the time that it used to take to find the employer’s hard copy, photo copy the copy, and mail the copy to the employee. The only problem is scammers are capitalizing on this convenience and sending in requests for W-2s to payroll and HR departments in an attempt to obtain this confidential and sensitive information.
According to the IRS Commissioner John Koskinen “This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme.”
Should you receive a request from an employee via email, you may want to follow up with a phone call to them to confirm the request. Then, if you do send out a copy via email, I highly suggest password protecting the document/pdf with a password that you verbally provide to the employee during the confirmation call. The same should go for requests of tax returns that you may receive from an internal request or your accountant. Take the moment to call and get a verbal confirmation from the party requesting the forms. I would also like to point out that the IRS will never make any request via email for you to send them information. If you receive any such request, it should be considered a phishing attempt.
If you should receive any phishing scam regarding W-2 data, be sure you forward the email to the IRS at firstname.lastname@example.org and place “W2 Scam” in the subject line. If you become a victim, then you can report the identity theft and get a recovery plan at the Federal Trade Commission. The IRS has also put out information on Security Awareness For Taxpayers where you can find helpful tips.
Here are a couple links on how to password protect documents;