Protecting Employees from W-2 Identity Theft

As a small business owner, protecting your employees’ information is always important. However, with an ever-increasing wave of identity theft sweeping the country, the IRS wants you to beware of W-2 scams. 

Because From W-2 holds such sensitive data which should be protected at all times. For a thief, getting their hands on this information is the key to stealing an identity and perhaps having a very Merry Christmas at someone else’s expense. That’s why it’s crucial for small businesses should be on guard always.

As an employer, know that your business is a target for thieves running the W-2 scam and help educate those in your payroll or human resources department on what they should be looking out for. Here’s how it works:

The email will be sent to someone payroll or human resources employee. It will appear to be from someone in the company, such as you or another important executive or organizational leader. The exchange often begins very informally, such as, “Hey, you in today?”

If certain protocols are not in place, by the end of the email exchange, all of an employee’s sensitive data from a Forms W-2 could be in the hands of cybercriminals. Because the correspondence appears to be with an executive, it may take weeks for anyone to realize the breach has occurred. The criminals act fast taking advantage of the access they have been granted, even filing fraudulent tax returns within a day or two.

This scam is such a threat to taxpayers that a special IRS reporting process has been established. If you believe your business has been targeted, here’s is an abbreviated list for reporting the scheme:

• Email dataloss@irs.gov to notify the IRS and provide contact information. Type “W2 Data Loss” in the subject line. This ensures the email is properly routed properly. DO NOT attach any personal data concerning the employee(s) to the email.
• Contact the Federation of Tax Administrators at StateAlert@taxadmin.org for information on how to report victim information to the states.
• File a complaint with the FBI’s Internet Crime Complaint Center. Businesses and payroll service providers may be also be asked to file a report with their local law enforcement agency.
• Notify employee(s). The employee may then take steps to protect themselves from identity theft. Direct them to the Federal Trade Commission’s www.identitytheft.gov, which will offer guidance on what they should do.
• Finally, forward the scam email to the IRS at phishing@irs.gov.

Always be on guard and take the necessary steps to keep your employees’ information as safe as possible.