The FBI and IRS are reporting an increase in W2 phishing attacks during 2018.  These targeted attacks often appear to be coming from a legitimate Human Resource (HR) professional seeking updates. Users should question the HR department before submitting sensitive data, when they see unusual requests for information. 

https://www.ic3.gov/media/2018/180221.aspx

Beginning in January 2017, IRS’s Online Fraud Detection & Prevention (OFDP), which monitors for suspected IRS-related phishing emails, observed an increase in reports of compromised or spoofed emails requesting W-2 information. Sometimes these requests were followed by or combined with a request for an unauthorized wire transfer.

The most popular method remains impersonating an executive, either through a compromised or spoofed email in order to obtain W-2 information from a Human Resource (HR) professional within the same organization. Individual taxpayers may also be the targeted, but criminals have evolved their tactics to focus on mass data thefts. This scam is just one of several new variations of IRS and tax-related phishing campaigns targeting W-2 information, indicating an increase in the interest of criminals in sensitive tax information.

How to report a data loss related to IRS related to a W-2 scam — If notified quickly after the loss, the IRS may be able to take steps that help protect your employees from tax-related identity theft. To contact the IRS about a W-2 loss, email IRS at dataloss@irs.gov and provide the information listed below so the IRS can contact you. In the subject line, type “W-2 Data Loss” so that the email can be routed properly