W-2 Scam Targets Businesses, Nonprofits, and Tribal Organizations

'Spear-phishing' scam seeks personal information of as many people as possible within each targeted organization

By Beacon Staff

The Montana Attorney General’s Office of Consumer Protection has received multiple reports of businesses being targeted by a sophisticated “spear phishing” email scam that is also known as the “CEO Scam” or the “W-2 Scam.” 

While OCP has so far received reports only of businesses falling victim to this scam in Montana, other entities, such as nonprofit and tribal organizations, have been targeted nationally. The Internal Revenue Service warns that this scheme is meant to compromise the personal information of as many people as possible within each targeted organization.

“Spear phishing” is a more focused form of “phishing,” or posing as a legitimate source to gain access to sensitive personal identification and financial information. “Spear phishing” emails are sent to specifically targeted recipients and are designed to look like they were sent from someone the recipient knows and interacts with – possibly a business owner, a supervisor, a colleague, or a department manager. The email’s subject line and content are likely to be specific to the target recipient’s business responsibilities or interests. 

“This ‘spear phishing’ scam is especially despicable because it takes advantage of the trust that colleagues build between each other,” said Montana Attorney General Tim Fox.

“These cybercriminals often research their intended target by exploring the target recipient’s LinkedIn and other social media pages to build a convincing email. It’s easy to fall victim to those emails. Educating Montana businesses, charities, schools, tribal organizations, and others about the existence of this type of scam is the best defense we have,” Fox added.

The OCP has received dozens of notices about the following specific “spear phishing” scam as the April 18 tax deadline approaches:

A person pretending to be a company executive sends an email to a staff member, usually someone who works in the human resources or payroll department. Cybercriminals use various techniques to disguise the email address to make it appear as if it came from an organization executive. The email requests a list of all employees’ W-2 information, including employees’ names, addresses, social security numbers, and wage information. 

In reality, once the staff member replies to the email with the W-2 information, the scammer is in possession of the type of sensitive personal information that allows them to commit identity theft. The scammer may even file fake tax returns to steal the employees’ tax refund money.

If you, or someone you know, receives an unusual email requesting such information, do not respond immediately. Instead, contact the alleged email sender or company executive by phone or in person to ensure that the request for W-2 information legitimately came from within your organization.  

If the request was not legitimate, the scam attempt should be reported to the IRS at [email protected] with ‘W2 Scam’ in the subject line, and reported to the Montana Department of Justice’s Office of Consumer Protection through OCP’s convenient online reporting form here, or by phone at (800) 481-6896 or (406) 444-4500. 

Organizations that have their W-2 information compromised should report W-2 thefts immediately to the IRS so the agency can take steps to help protect employees from tax-related identity theft. The next step is to file a complaint with the Federal Bureau of Investigation’s Internet Crime Complaint Center.
