IRS Issues High Alert for Mass Data Thefts Targeting Schools and Not-for-Profits

W-2 Phishing Scams Requesting Sensitive Tax Information and Wire Transfers Are On the Rise

The W-2 phishing scam alert recently issued by the Internal Revenue Service (IRS) and state tax agencies has extended beyond the scope of the corporate world and is becoming a serious threat to organizations, including school districts, tribal organizations, and not-for-profits.

Organizations are being advised to be vigilant and guard against the recent uptick in W-2 scammers who are stealing employee information, as well as implementing wire transfer schemes.

“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,’’ said IRS Commissioner John Koskinen.

Employers are advised to report W-2 thefts immediately to the IRS so that they can effectively protect employees from identity theft.

There are a number of safeguards being utilized by the Security Summit (a partnership between the IRS, state security agencies, and the tax industry) that can identify fraudulent returns filed through scams.

How the W-2 Scam Works:

Business email spoofing techniques, where criminals send emails appearing to be from an executive’s email address within that organization, are sent to employees in payroll or human resources departments.  The cybercriminals, posing as the executives, request employee lists as well as their W-2 Forms.

Safeguarding Your Organization:

All employees should be informed and on high alert for the W-2 scam.  The Security Summit is seeing a surge of this scam activity, affecting organizations more broadly, and in some cases, repeatedly.

Organizations should also be careful with emails appearing to be from executives – specifically to payroll or comptrollers – requesting a wire transfer to an account.  This additional request has often accompanied the W-2 scam email and has resulted in thousands of dollars lost.

To proactively avert being victimized, organizations should share this alert with payroll, human resources, and finance employees.  You should also consider setting up an internal verification system for W-2 and wire transfer requests to safeguard against these scams.

Reporting the W-2 Scam

Employers: If your organization receives a W-2 scam email, immediately forward it to with a subject line that says “W2 Scam.”  Should you receive, or fall victim to, a scam email, file a complaint with the FBI’s Internet Crime Complaint Center (IC3).

Employees: If an individual’s Forms W-2 have been stolen, each affected employee should review the recommended actions by the Federal Trade Commission at or the IRS at

They will need to file a Form 14039, Identity Theft Affidavit if the employee’s own tax return rejects due to a duplicate Social Security number or per IRS instructions.

This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. In addition, this publication may contain certain content generated by an artificial intelligence (AI) language model. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.

About the Author