E-Threats Industry News

30,000 taxpayers affected by W-2 phishing scams, IRS warns

Now that tax season has begun, IRS-related phishing scams are back. This year, hackers are expanding their victim range to include school districts, NGOs and tribal organizations, according to an IRS alert released in February.

“It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,” IRS Commissioner John Koskinen said.

Phishing scams are on the dirty dozen list put together by the IRS, and this time the focus is on W-2 forms, “the most dangerous email scams the agency has seen in a long time.” Also known as Business Email Compromise (BEC) attacks, compromised W-2 form scams affected over 30,000 taxpayers and 145 organizations in 2016.

Confirmed victims include school systems, a restaurant, a software company and others in healthcare, finance, manufacturing and utilities.

Other dangers on the dirty dozen list for 2017 are phone scams, identity theft, return preparer fraud, fake charities, inflated refund claims, excessive claims for business credits, falsely padding deductions on returns, falsifying income to claim credits, abusive tax shelters, frivolous tax arguments and offshore tax avoidance.

“We continue to work hard to protect taxpayers from identity theft and other scams,” said Koskinen. “Taxpayers can and should stay alert to new schemes which seem to constantly evolve. We urge them to do all they can to avoid these pitfalls – whether old or new.”

About the author


From a young age, Luana knew she wanted to become a writer. After having addressed topics such as NFC, startups, and tech innovation, she has now shifted focus to internet security, with a keen interest in smart homes and IoT threats. Luana is a supporter of women in tech and has a passion for entrepreneurship, technology, and startup culture.