After Wyoming hospital breach, IRS warns of W-2 scams

Staff -

The Internal Revenue Service is cautioning corporations, nonprofits and health systems of the dangers of W-2 scams, reports the Wyoming Tribune Eagle.

W-2 scams work like this: A cybercriminal disguises an email to make it seem like it came from an organization's executive. The email, which requests employees' W-2 forms, is then sent to unsuspecting workers in the organization's payroll or human resources departments.

In 2016, this type of phishing scheme hit more than 145 organizations throughout the United States. "It's pretty sinister, and it's expanding to all kinds of different organizations," said IRS spokesperson Raphael Tulino, according to the report. "This particular scam isn't about impersonating the IRS, but it is bad guys getting their information from outside the tax system instead."

The scam has already impacted one organization in Wyoming this year: Gillette-based Campbell County Health. In late January, a CCH employee mistakenly sent the W-2 information of 1,457 employees to someone impersonating a hospital executive.

CCH appears to be coping well with the aftermath of the scam. CCH CFO Dalton Huber said the hospital has provided impacted employees with credit monitoring protection and has helped them file affidavits with the IRS. In addition, CCH has set up a new system in which all emails from outside the organization have a header that warns employees of its origins.

"I'm used to getting the phishing emails as CFO, because the really dumb ones will send them under the old CEO's name," Mr. Huber told the Wyoming Tribune Eagle. "But if you're not used to getting stuff like that, it's easy to get sucked in."

According to the IRS, organizations involved in W-2 scams should forward the emails to phishing@irs.gov and write "W2 Scam" in the subject line. The organizations should also file a complaint with the Internet Crime Complaint Center.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.