The W-2 scam arose in 2016, according to the IRS, which by February 2017 had issued an alert telling businesses that this particular type of phishing scam had spread and that targets included tribal casinos, temporary staffing agencies, chain restaurants, and shipping and freight firms. Phishing is a fraud technique, usually attempted with an unsolicited email, that tries to lure victims into coughing up their personal or financial information.
The IRS says that it has taken multiple steps to weed out phony tax returns and that the W-2 scam is a key way for criminals to try to grab Americans’ refunds. In 2017 the agency estimated that there were 597,000 tax returns filed fraudulently. That’s down from 883,000 confirmed cases in 2016 and 1.4 million in 2015, the IRS said earlier this year.
According to an IRS estimate, in 2016 between $1.68 billion and $2.31 billion was paid out in refunds that may have been claimed as a result of identity theft. The money is “likely to be unrecoverable,” the agency said in a report. Using data analytics and partnering with software providers and state tax agencies have helped the IRS identify suspicious filings, according to the agency.
Lazzarotti said scams targeting businesses also sometimes feature fictitious wire instructions from a crook (posing as a CEO) who instructs an employee to wire $100,000 to a “client.”
His advice to workers? “Pick up the phone and verify” that the putative CEO’s email is legit.
Lazzarotti also urges employers not to fixate solely on the possibility of W-2s being compromised because employers maintain a variety of sensitive tax and personnel information. “Other types of forms are vulnerable.”