Department of Revenue warns of W-2 email phishing scam targeting payroll and human resource professionals

Department of Revenue warns of W-2 email phishing scam targeting payroll and human resource professionals

ST. PAUL, Minn. – The Minnesota Department of Revenue is warning all employers of a dangerous W-2 email phishing scam targeting human resources and payroll departments. The scam has evolved beyond the corporate world and is spreading to other sectors, including school districts, tribal organizations, and nonprofits.

Payroll and human resource professionals across the country have received emails purporting to be from an organization executive requesting employee W-2 information. The email often looks official to unsuspecting employees who then send the requested information, disclosing private employee information to an unauthorized party.  

Nationally, about 100 businesses employing 126,000 individuals were hit by scammers last year. By comparison, about 80 businesses have already been targeted in the first month of this tax season.

This scam puts employees’ personal information at risk. Disclosing the information to unauthorized parties can lead to an increase in tax refund fraud as criminals use that information to file fraudulent returns in Minnesota and elsewhere. If an employee’s W-2 or other private information is stolen, it can lead to longer waits for refunds as we work to verify the employee’s tax return, and ensure the right refund goes to the right person.

“These tax information scams have evolved and grown more sophisticated over the last couple of years,” stated Revenue Commissioner Cynthia Bauerly. “Employers across Minnesota need to be on high alert for scams and have their employees trained on what to do if they think something is suspicious when dealing with requests for employee personal information.”

The department encourages all businesses to notify their employees of the scam and have procedures in place to ensure that W-2 and other personal information is not disclosed to unauthorized parties.

Stop. Connect. Confirm.

When a request for private/sensitive information is made, Stop. Connect. Confirm.

1. Stop – Stop for a moment before complying with the request and sending that information.
2. Connect – Connect with the person who sent you the request by phone or by walking over to see them. Do not respond to the email to get confirmation of the sender’s identity. The sender may be a criminal who has disguised their identity by spoofing your colleague’s email address.
3. Confirm – Confirm with the executive requesting the information that their request is legitimate.

Businesses can download and print this poster and display it in their human resources and payroll departments to remind employees to Stop. Connect. Confirm. if a request for employee personal information is made.

If your employer notifies you that your W-2 or other personal information has been compromised:

• Review the recommended actions by the Federal Trade Commission at www.identitytheft.gov or the IRS at www.irs.gov/identitytheft.
• File a Form 14039, Identity Theft Affidavit if your tax return is rejected because of a duplicate Social Security number or if instructed to do so by the Internal Revenue Service.

Tax preparers should be on alert
Additionally, tax professionals should be aware of a scam targeting their software and asking them to “unlock” their suspended software accounts. The scam attempts to get the preparers login and password credentials, which can compromise private taxpayer information. Tax professionals should report these scam emails to their tax software provider and the IRS by emailing a plain text version of the scam email to Phishing@IRS.gov.

Get the latest news and updates from the Minnesota Department of Revenue by following the department on Facebook and Twitter or by signing up for our email subscription list.

###