Phishing for Employee Tax Information


What it is and History

Identity thieves are trying to obtain personal information in order to misappropriate personal identifying information and steal from the victims. A phishing scheme that was popular in 2016, and that will probably be tried in 2017 is spoofing organizations for payroll records. The Treasury Inspector General for Tax Administration estimates this fraud scheme has cost US businesses $21 billion.

There are two variations of this scheme. One is a spoofed email that appears to come from the CEO of the company. The other is a spoofed email that appears to have been sent by the IRS or the state Department of Revenue. In both cases the email instructs the recipient to fax or email copies of the organizations W-2s and 1099s. The spoofed email will often claim several employees have been identified as potential victims of tax return identity fraud and the taxing authorities need the documents to help prevent further fraud and to protect the organizations employees from identity theft.

Employees of the State of Vermont where hit with a similar fraud scheme. In this fraud the employees received a phishing email that indicated:

“Dear Account Owner,

Our records indicate that you are enrolled in the Vermont State paperless W2 Program. As a result, you do not receive a paper W2 but instead receive e-mail notification that your online W2 (i.e. “paperless W2”) is prepared and ready for viewing.

Your 2015 W2 corrected statement is ready for viewing, follow the link below

Click Here to Login

To opt out of  the Paperless W2 Program, please login to Employee Self Service at the link above and go to the W2 Delivery Choice webpage and follow the instructions. 

Vermont State’s Human Resource Management Systems”

When the employees clicked on the link and attempted to retrieve their W-2 forms the criminals misappropriated their user IDs and passwords, which they used to log onto the state’s payroll system to obtain copies of the employees W-2s.


The most important internal control to prevent these types of fraud is training. Employees need to be trained to watch for phishing emails and to report them to their supervisors.

About Dr.Bob

Dr. Minniti is the President and Owner of Minniti CPA, LLC. Dr. Minniti is a Certified Public Accountant, Certified Forensic Accountant, Certified Fraud Examiner, Certified Valuation Analyst, Certified in Financial Forensics, Master Analyst in Financial Forensics, Chartered Global Management Accountant, and is a licensed private investigator in the state of Arizona. Dr. Minniti received his doctoral degree in business administration from Walden University, received his MBA degree and Graduate Certificate in Accounting from DeVry University’s Keller Graduate School of Management, and received his Bachelor of Science in Business Administration degree from the University of Phoenix. Dr. Minniti teaches graduate and undergraduate courses in accounting, fraud examination, fraud criminology, ethics, forensic accounting, external audit, and internal audit, at DeVry University, Grand Canyon University, Northwestern University, and the University of Phoenix. He designed graduate and undergraduate courses for Grand Canyon University, Northwestern University, and Anthem College. He is a writer and public speaker. He has experience in forensic accounting, fraud examinations, financial audits, internal audits, compliance audits, real estate valuations, business valuations, internal control development, business continuation planning, risk management, financial forecasting, and Sarbanes-Oxley compliance work. Dr. Minniti is an instructor teaching continuing professional education classes for the American Institute of Certified Public Accountants, Compliance Online, CPE Link. AccountingEd, Global Compliance Panel, Clear Law Institute and various state CPA Societies.

Leave a Reply

Your email address will not be published. Required fields are marked *