W-2 Phishing Scams Spread During Tax Season

The IRS and Multi-State Information Sharing and Analysis Center (MS-ISAC) has issued a nationwide alert of W-2 phishing scams now spreading to schools, restaurants, hospitals, tribal groups, and nonprofits during this tax season. The W-2 phishing scam seeks to deceitfully acquire sensitive W-2 information for identity theft and/or filing fraudulent tax returns. Reports of data breaches in the first quarter of 2017 already exceeds 80% of the total number of data breaches reported in 2016 due to the substantial increase in the number of successful W-2 phishing scams.

How the W-2 Phishing Scam works

W-2 phishing emails deceptively appear to be from a member of the organization’s executive leadership team and are sent to departments that include but are not limited to: payroll, finance, or human resources. The email typically requests for W-2 forms and/or a list of employees’ Social Security number, salary, and home address. If the scam is successful, it can result in large-scale theft of sensitive employee information used to commit various crimes like filing fraudulent tax returns.

Best Practices for Email Requesting Financial or Sensitive Data

• Verify the identity of the email sender by contacting them over the phone or by other non-email channels to confirm that the email is valid.
• Hover to discover if the email is going to the correct person. The true recipient of an email can often be verified by hovering the mouse over the address in the email header.
• Reply through a new email, and not by hitting the “reply” button, which helps to prevent successful spoofing attacks.

Next Steps if you Receive a W-2 Phishing Scam

If you suspect that you have received a W-2 email scam, immediately follow these steps:

Outlook for Windows

1. Go to your inbox.
2. Click ONCE on the suspicious email and press "Ctrl-Alt-f".
3. A new blank message will open with the original as an attachment; address it to spam@uthscsa.edu and press "Send".

Outlook for Mac 2016

1. Go to your inbox.
2. Click ONCE on the suspicious email.
3. Make sure the Home tab is selected, then click the Attachment button.
4. A new blank message will open with the original as an attachment; address it to spam@uthscsa.edu and press "Send".

To learn more about how to identify, prevent, or recover from phishing scams, visit the Phishing Prevention page.

For further information, contact Information Security by email at infosec@uthscsa.edu or by phone at 210-567-0707.