ARTIFICIAL INTELLIGENCE [AI] IS NOT USED, IN WHOLE OR IN PART, IN PREPARING NYPPL SUMMARIES OF JUDICIAL AND QUASI-JUDICIAL DECISIONS

March 28, 2017

Important Information on W-2/SSN Data Theft Scam


Important Information on W-2/SSN Data Theft Scam
Source: The Internal Revenue Service

The Internal Revenue Service has called attention to what it characterizes as "A dangerous email scam" currently circulating nationwide and targeting employers, including tax exempt entities, universities and schools, government and private-sector businesses.

The scammer poses as an internal executive requesting employee Forms W-2 and Social Security Number information from company payroll or human resources departments. They may even send an initial “Hi, are you in today” message before the request.

The IRS has established a process that will allow employers and payroll service providers to quickly report any data losses related to the W-2 scam. See details at Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers. If notified in time, the IRS can take steps to prevent employees from being victimized by identity thieves filing fraudulent returns in their names. There also is information about how to report receiving the scam email even if you did not fall victim.

As a reminder, tax professionals who experience a data breach also should quickly report the incident to the IRS. Tax professionals may contact their local stakeholder liaison. See details at Data Theft Information for Tax Professionals.

Also note, IRS suggests that if your business received the email but did NOT fall victim to the scam, forward the email to the IRS. The IRS needs the email header from the phishing email for its investigation, which means you must do more than just forward the email to phishing@irs.gov. Here’s what to do with the W-2 email scam:
  1. The email headers should be provided in plain ASCII text format. Do not print and scan
  2. Save the phishing email as an email file on your computer desktop
  3. Open your email and attach the phishing email file you previously saved
  4. Send your email containing the attached phishing email file to phishing@irs.gov. Subject Line: W2 Scam. Do not attach any sensitive data such as employee SSNs or W-2s.
  5. File a complaint with the Internet Crime Complaint Center (IC3,) operated by the Federal Bureau of Investigation.

CAUTION

Subsequent court and administrative rulings, or changes to laws, rules and regulations may have modified or clarified or vacated or reversed the decisions summarized here. Accordingly, these summaries should be Shepardized® or otherwise checked to make certain that the most recent information is being considered by the reader.
THE MATERIAL ON THIS WEBSITE IS FOR INFORMATION ONLY. AGAIN, CHANGES IN LAWS, RULES, REGULATIONS AND NEW COURT AND ADMINISTRATIVE DECISIONS MAY AFFECT THE ACCURACY OF THE INFORMATION PROVIDED IN THIS LAWBLOG. THE MATERIAL PRESENTED IS NOT LEGAL ADVICE AND THE USE OF ANY MATERIAL POSTED ON THIS WEBSITE, OR CORRESPONDENCE CONCERNING SUCH MATERIAL, DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP.
NYPPL Blogger Harvey Randall served as Principal Attorney, New York State Department of Civil Service; Director of Personnel, SUNY Central Administration; Director of Research, Governor’s Office of Employee Relations; and Staff Judge Advocate General, New York Guard. Consistent with the Declaration of Principles jointly adopted by a Committee of the American Bar Association and a Committee of Publishers and Associations, the material posted to this blog is presented with the understanding that neither the publisher nor NYPPL and, or, its staff and contributors are providing legal advice to the reader and in the event legal or other expert assistance is needed, the reader is urged to seek such advice from a knowledgeable professional.
New York Public Personnel Law. Email: publications@nycap.rr.com