IRS Issues Guidance on Payroll Phishing Scheme

The phishing scheme targeting payroll professionals continues to claim victims. The scheme involves fraudulent email messages that appear to be from a company executive requesting personal information on employees. Because reporting time is critical, the IRS has provided guidance on what to do when you receive a fraudulent email or fall for the scheme, including a new way to quickly report data loss [Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers; last updated 3-28-17;].

How to Report a Data Loss Related to the W-2 Scam

Send an email to [email protected] to notify the IRS of a Form W-2 data loss. Type "W2 Data Loss" in the subject line so the email can be routed properly. Do not attach any employee's personally identifiable information (PII) data. This information should be provided:

  • Business name
  • Business employer identification number (EIN) associated with the data loss
  • Contact name
  • Contact phone number
  • Number of employees impacted

Note: The IRS will not initiate contact with taxpayers by email, text messages, or social media to request personal or financial information.

How to Report Data Loss to State Tax Agencies

A breach of PII could have an effect on the victim's tax accounts with state agencies as well as with the IRS. Email the Federation of Tax Administrators at [email protected] for information on how to report victim information to state agencies.

How to Report Data Loss to Other Law Enforcement Officials

  • Businesses/payroll service providers should file a complaint with the FBI's Internet Crime Complaint Center (IC3) at
  • Businesses/payroll service providers may be asked to file a report with their local law enforcement agency.

. How to Report Receipt of a W-2 Email Scam Message If your business received the email but did NOT fall victim to the scam, forward the email to the IRS. The IRS needs the header from the phishing email for its investigation, so you must do more than just forward the email. Here's what to do with the fraudulent W-2 email scam message:

  • In your email message to the IRS, provide the email headers in plain ASCII text format. Do not print and scan. Instructions for locating the email headers in Outlook can be found in a Microsoft Office Support page.
  • Save the phishing email as an email file on your computer desktop.
  • Open your email and attach the phishing email file you previously saved.
  • Send your email containing the attached phishing email file to [email protected] Type "W2 Scam" in the subject line. Do not attach any sensitive PII data.
  • Send your email containing the attached phishing email file to [email protected] Type "W2 Scam" in the subject line. Do not attach any sensitive PII data.

What to Tell Employees
For employers that fall victim to the phishing scheme, the IRS provides guidance on what to tell employees.

Suggestions include reviewing the IRS's Taxpayer Guide to Identity Theft, IRS Publication 5027, Identity Theft Information for Taxpayers (, the Federal Trade Commission's publication Data Breach Response: A Guide for Business, and IRS Publication 4524, Security Awareness for Taxpayers.