Cybercriminals Impersonate Persons of Authority within Organizations

Business taxpayers should be extra alert for cybercriminals attempting to steal W-2 forms and other sensitive information through a phishing scam, according to the Michigan Department of Treasury.

In a typical scenario, cybercriminals impersonate persons of authority within a company and send an email to payroll personnel asking for copies of all employee W-2 forms. The scammers do their homework about an entity’s organizational chart and all communications appear legitimate.

A W-2 form contains an employee’s name, address, Social Security number, income and withholdings. Cybercriminals use that information to file state income tax returns and steal refunds, or they post it for sale on the “Dark Web.”

“Business taxpayers need to be aware of this reoccurring scam,” said Glenn White, who oversees Treasury’s Tax Administration programs. “Please educate your employees about internal security processes for appropriately distributing sensitive information. As the income tax season approaches, cybercriminals will be out in full force to take advantage of taxpayers.”

The Internal Revenue Service reports the scam has affected all types of employers, from small and large businesses to public schools and universities, hospitals, tribal governments and charities. A common theme in this scam and other email scams is that the copy includes grammatical and spelling mistakes.

Business taxpayers who receive this type of email are asked to report the encounter tophishing@irs.gov.  To learn more about identity theft, go towww.michigan.gov/identitytheft.