January 31, 2017: As the 2017 tax season approaches, employers must remain diligent to protect against email “phishing” scams designed to steal employees’ highly confidential Form W-2 information. This type of data breach scam, which appears to be growing in popularity, involves a cybercriminal sending a “phishing” or “spoofed” email to employees in a company’s accounting or human resources department. The email is designed to appear as if it was sent by the CEO or some other high-ranking officer, and it requests that the employee respond by sending copies of the IRS Form W-2 tax forms for all employees. Form W-2s contain highly confidential personally identifiable information (“PII”) of the employees, including name, address, salary and benefit information and, most importantly, social security number. The Form W-2 may also disclose the employee’s filing status (married or single). Armed with this information, cybercriminals can engage in numerous types of identity theft, including filing false tax returns in an employee’s name to steal refunds, or attempting to open credit accounts in the employee’s name.
Last year, approximately 41 companies fell for similar scams, including Seagate Technology, LLC, Snapchat, Turner Construction Company, and more.
Although it is still January, companies have already fallen for the phishing scam this year, including TransPerfect, eHealthInsurance, and solar panel maker Sunrun. Earlier this month, the IRS renewed its alert about Form W-2 scams.
If you are an employee who was notified that your Form W-2 information or other PII was wrongfully disclosed through a phishing scam or otherwise, you may be entitled to compensation or other relief. Bragar Eagel & Squire, P.C., is currently litigating claims on behalf of a class of employees whose Form W-2 PII was disclosed as a result of a phishing scam.
For additional information, please contact David J. Stone, Esq. at (212) 308-5858 or email firstname.lastname@example.org.
Attorney Advertising. Prior results do not guarantee a similar outcome.