By Christine Bryant
The Reynoldsburg Police Department is warning the public, especially those who work in human resources departments, to be on alert of a W-2 phishing scam.
In February, the Regional Income Tax Agency provided its member municipalities, including Reynoldsburg, with an email alert that stated the income tax agency had been notified by two municipalities that they had been the targets of a W-2 “spear-phishing” scam, said Amy Arrighi, chief legal counsel for RITA. Those two municipalities have not been disclosed.
“In each municipality, an employee within the organization had received an email from someone posing as a municipal official, requesting employee W-2 information,” Arrighi said. “In one case, the employee recognized the email as fraud. In the other case, the employee innocently replied and sent W-2 information to an unknown recipient.”
Earlier in the month, the Internal Revenue Service released a bulletin alerting all employers that the Form W-2 email phishing scam had evolved to sectors such as school districts and non-profits. The bulletin also provided guidance if an employer came in contact with a W-2 scam.
Here’s how the scam works: According to the IRS, cybercriminals use various spoofing techniques to disguise an email to make it appear as if it is from an organization executive. The email is sent to an employee in the payroll or human resources departments, requesting a list of all employees and their Forms W-2.
In a latest twist, the IRS reports that cybercriminals follow up with an executive email to the payroll or comptroller and ask that a wire transfer also be made to a certain account. Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars.
To help spread the word about this phishing scheme, as well as raise awareness about cyber crimes in general, the Reynoldsburg Police Department has issued its own warning.
Reynoldsburg Police Officer Michele Fulton cautions that a government agency will never contact by phone or email requesting this type of information. If a business is given an email with a website link attached, she advises not to click on the link.
“Many times the website you are taken to is a fraudulent page,” she said. “The page will look legitimate until you look up in the web page window. Also, make sure there is a lock symbol to be sure the site is secure.”
The IRS is urging all employers to share information with their payroll, finance and human resources employees about this W-2 and wire transfer scams. According to the IRS, employers should consider creating an internal policy, if one is lacking, on the distribution of employee W-2 information and conducting wire transfers.
Technical Difficulties’ Chief Project Manager Aleyna Dragonette holds a modified toy with a larger button adaption.