We want you to be aware of a potential risk affecting business owners and nonprofits. Last year, the Internal Revenue Service (IRS) was alerted to a phishing scam involving W-2 forms, in which companies were being targeted for large-scale identity theft. The IRS has now issued a secondary warning, alerting school districts, tribal organizations, and nonprofits to the scam, as it has evolved beyond the corporate sector and is now threatening these groups.
This threat is characterized by fake email alerts, which are sent to high-level corporate employees, as well as individuals involved in payroll and human resources at the organization. In these emails they request W2 forms, earnings summaries, and other employee-sensitive information. In some instances, they also send a follow-up email asking that funds be electronically transferred to cover payroll and other miscellaneous expenses.
As a small business, we know the importance of protecting against dangerous cyber-security issues, which is why we want to make sure you’re aware of the best internet safety practices. Often your employees can be the weakest link. While they are are just trying to be helpful, it’s also critically important that any and all individuals with access to your computer system are adequately trained in cyber safety. Anyone with access to this information should know not to share login and password information, and to not forward any sensitive information without confirming the request with a supervisor.
Remember, technology such as fire walls and virus detection may not always be there to protect you. Your employees and volunteers play an important role in safeguarding sensitive data. Stay safe and train your employees and volunteers to recognize common cyber-crime and information security risks. We encourage you to stay up to date on IRS announcements like this on their website’s news feed. You can also find out more information on this specific alert by visiting this page. Dangerous W-2 Phishing Scam