CHA News Article

IRS Warns Hospitals of W-2 Phishing Scam

The Internal Revenue Service (IRS) has alerted all employers that an email phishing scam targeting Form W-2 has spread beyond the corporate sector to hospitals, nonprofits and school districts. In this scam, cybercriminals disguise an email so that it appears to be a request from an organization executive for a list of all employees and their W-2s. In some instances, the cybercriminal follows up with a similar email to the payroll department or controller, asking that a wire transfer also be made to a certain account. Through these scams, some companies have lost both employees’ W-2s and thousands of dollars due to wire transfers.

Organizations that receive a W-2 scam email should forward it to phishing@irs.gov with “W2 Scam” in the subject line, and should also file a complaint with the Internet Crime Complaint Center operated by the Federal Bureau of Investigation. Employees whose Forms W-2 have been stolen should review the recommended actions by the Federal Trade Commission at www.identitytheft.gov or the IRS at www.irs.gov/identitytheft.

In addition to avoiding email scams during the tax season, taxpayers and tax preparers should be leery of using search engines to find technical help with taxes or tax software. Selecting the wrong “tech support” link could lead to a loss of data or an infected computer. More information about cybersecurity is available on CHA’s dedicated web page.

Commands