On February 2, the Internal Revenue Service issued an urgent alert to all employers about a W-2 email phishing scam. The scam was launched in 2016 but has been expanded this year, according to the bulletin, which can be read here.

The bulletin warned that cybercriminals employ a number of spoofing techniques to create an email that appears to originate from an organization’s executive. The email is sent to employees in human resources and payroll departments, requesting a list of employees and their W-2 forms. These forms, of course, contain identifying information including addresses and Social Security numbers.

Last year, the scam targeted the corporate sector, but this year, the scam appears to be spreading to school districts as well as nonprofit and tribal organizations. Another twist is that the cybercriminals may follow with emails requesting wire transfers. Some companies have lost funds in addition to sensitive information. Some organizations report having received these emails in 2016 and 2017.

The IRS memo urges employers to be vigilant and to share this information with their payroll, finance and human resources departments. Organizations should report incidents to phishing@irs.gov with a subject line of “W2 Scam” and should file a complaint with the Internet Crime Complaint Center (IC3).

Individuals whose W-2 forms have been stolen should take the actions set out in www.identitytheft.gov or www.irs.gov/idenditytheft.  They should also file a Form 14039, Identity Theft Affidavit, if a tax return is rejected because of a duplicated Social Security number.

IRS Commissioner John Koskinen said, “This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme.”