Information Technology

IRS Issues W-2 Security Alert

The Internal
Revenue Service (IRS) has issued a recent alert that the Form W-2 e-mail
phishing scam has expanded from the corporate world and into the public sector.
If you are a non-profit or governmental agency, you should be aware that this
scam can result in the large-scale theft of confidential information. This
information can then be used by cyber-criminals for various crimes including the
filing of fraudulent tax returns.

How Does The
Scam Work?

will disguise e-mails to make them appear to be from an internal executive within
your organization. The e-mail will be sent to an employee in the payroll, human
resources, and finance departments and will request a list of all employees and
their Forms W-2. In the latest twist to this scam, the ‘executive’ e-mail will
ask that a wire transfer also be made to a certain account. The wire transfer
scam is being combined with the W-2 scam email, and some organizations have
lost both employees’ W-2s and thousands of dollars due to these fraudulent wire

What To Do If
Your Organization Has Been Targeted

  • If you receive a W-2 scam email forward it immediately to your IT department and to and place “W-2 Scam” in the subject line. Also, you should also notify the State by sending an alert to
  • If you receive the W-2 scam email or if you believe that sensitive data has been stolen, file a complaint with the Internet Crime Complaint Center.
  • Promptly notify the employees whose Forms W-2 have been stolen.
  • Employees should then review the recommended actions by the Federal Trade Commission at or the IRS.
  • Employees will need to also file a Form 14039, Identify Theft Affidavit, if their tax return is rejected because of a duplicate social security number or if they are instructed to so by the IRS.

Best Practices When Handling E-Mail

  • If you receive an internal e-mail that appears to be suspicious (i.e. asking for protected data), pick up the phone and call the sender or ask them directly in person to verify the legitimacy of the email.
  • Other signs that an e-mail may be suspicious include the use of all capital letters, spelling errors, typos, and grammatical errors. Try to avoid opening these emails in the first place.
  • If you do open the email, do not proceed to click on any links, open any attachments, or download any files. If you open an attachment or download a file, contact your IT department immediately.
  • If you do click on a questionable link inadvertently and are prompted to log-in with your user credentials, register your credentials, or provide confidential information do not proceed to do so. Notify your IT department instead.
  • If you do end up logging your credentials on a questionable web-site or disclosing confidential information, change your password immediately and let your IT department know what has happened right away.