The IRS issued an alert in February 2017 that a W-2 phishing scam which used to be only in the corporate world has now evolved to other sectors, including schools, tribal casinos, chain restaurants, temporary staffing agencies and healthcare organizations.
The scam works like this: Cybercriminals use various techniques to disguise an email to make it appear as it is from an executive in the organization. The email is sent to an employee in the payroll or human resources department, requesting a list of all employees and their W-2 forms.
In some cases, the cybercriminal follows up with another executive email to the payroll department or comptroller and asks that a wire transfer to be made to a certain account.
IRS commissioner John Koskinen says, “This is one of the most dangerous email phishing scams we’ve seen in a long time.”