On February 21, 2018 the Internal Revenue Service issued alert number I-22118-PSA. This alert in summary is to notify the public that there has been a significant increase in W-2 phishing scams. The IRS’s Online Fraud Detection & Prevention (OFDP) unit monitors for suspicious emails has noticed these requests were typically followed by or combined with a request for an unauthorized wire transfer.
A popular method is to impersonate an executive either through a compromised or spoofed email in order to obtain W-2 information from a Human Resource professional within the same organization.
In addition to this popular method the OFDP has noticed several new variations of IRS and tax-related phishing campaigns targeting W-2 information. Cybercriminals have shown an increased interest in sensitive tax information.
As an example, cybercriminals have stolen client data from tax professionals and filed fraudulent refunds using real taxpayer information, including bank account and routing information for direct deposit. The fraudster will then contact the taxpayer posing as an employee of a debt collection agency working on behalf of the IRS. They will ask taxpayers to take certain steps to return the refund, but actually the refund is routed to the criminals.