Hackers Target Businesses for W-2 Access

// March 7, 2019
Reading Time: 3 minutes

Social engineering fraud comes in many forms. As tax season approaches, W-2 fraud becomes a favorite of many criminals. The common scam is to steal the identity of an individual, file a false tax return in their name and have the tax refund rerouted to the thief. After many years of stealing individuals’ identities through very plain means (e.g., stealing mail or digging through trash), a number of clever criminals decided to go bigger and bolder. They steal a large number of identities all at once, by targeting employers.

The scam goes like this: A criminal impersonates a senior executive in a company over email. They strike up an email conversation with a human resources or payroll employee that ends with them requesting the W-2 data for all employees. Once the W-2 data is obtained, the criminal can begin the process of committing tax return fraud. Often, the targeted company doesn’t realize the breach has occurred until it’s too late, when employees start reporting back problems with their tax returns, and the money is already gone.

W-2 fraud is such a pervasive problem that IRS Commissioner Chuck Rettig recently warned, “As tax season approaches, the IRS…continues to warn employers to be on the lookout for emails asking for sensitive W-2 information, a dangerous scheme aimed at payroll and human resource offices. We encourage small businesses and others to follow some important steps to help protect themselves and their employees.”

The IRS recommends businesses put protocols in place for the sharing of sensitive employee information such as W-2 forms. Examples include:

  • Have two people review any distribution of sensitive W-2 data or wire transfers
  • Require a verbal confirmation before emailing W-2 data
  • Educate their payroll or human resources departments about W-2 scams

It’s important to note that it is not just W-2 data that is stolen through these email scams. Criminals are coming up with new ways to steal from businesses as fast as they can. Wire transfer fraud, where an employee is tricked into sending money to a fraudulent account, is another major attack occurring over email. Also, goods are being rerouted to criminals in a similar fashion. It’s critical for businesses large and small to educate themselves on the best risk management techniques and to purchase insurance for when everything does go wrong. Devon Park Specialty is here to help with both.

Miscellaneous and technology professionals can protect themselves from the financial burden these types of attacks bring through our Errors and Omissions, Media and Privacy (EMP) product. Product advantages include:

  • Limits up to $5 million for a variety of perils, including theft of W-2 data
  • Cybercrime limits, including coverage for theft of funds and goods due to wire transfer fraud and social engineering available up to $500,000
  • Worldwide coverage territory including coverage for General Data Protection Regulation (GDPR)
  • Dependent business interruption sublimit available, up to $100,000
  • System failure sublimit available, up to $100,000
  • Full limit for reputation damage
  • Carveback for cyber terrorism
  • Full prior acts available on cyber coverages for first time buyers

As tax season is well underway, it is important that businesses continue to prepare and even keep next year in mind. According to Juniper Research, data breaches are expected to cost businesses $2.9 trillion dollars globally in 2019.

Contact your Devon Park Specialty underwriter today to learn how our EMP product can protect your clients.


As always, thank you for your support and business.

Jeff EstabrookContact and Written By Erik Tifft
Product Leader | 844-438-6775 Ext. 2354
March 7, 2019