The FBI warned recently that beginning in January 2017 the IRS’s Online Fraud Detection & Prevention (OFDP), which monitors for suspected IRS-related phishing emails, observed an increase in reports of compromised or spoofed emails requesting W-2 information. Sometimes these requests were followed by or combined with a request for an unauthorized wire transfer.
The most popular method remains impersonating an executive, either through a compromised or spoofed email, in order to obtain W-2 information from a human resources professional within the same organization.
Individual taxpayers may also be the targeted, but criminals have evolved their tactics to focus on mass data thefts.
This scam is just one of several new variations of IRS and tax-related phishing campaigns targeting W-2 information, indicating an increase in the interest of criminals in sensitive tax information.
The IRS doesn’t initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. Any contact from the IRS will be in response to a contact initiated by the taxpayer. Criminals, when they learn of a new IRS process, often create false IRS web sites and IRS impersonation emails.