Officials warn of spike in hackers targeting taxpayer data

Officials warn of spike in hackers targeting taxpayer data
© Greg Nash

Federal officials are warning of a spike in phishing campaigns during the IRS’s tax filing season, particularly those targeting information from would-be victims’ W-2 forms.

The FBI’s Internet Crime Complaint Center issued an alert late Wednesday warning of an increase in W-2 phishing campaigns.

"This scam is just one of several new variations of IRS and tax-related phishing campaigns targeting W-2 information, indicating an increase in the interest of criminals in sensitive tax information," the alert says.


The Internal Revenue Service (IRS) has seen an increase in reports of compromised or forged emails asking targets to provide information about their W-2 since the beginning of the year, according to the alert. In some cases, the emails were accompanied by a request for an unauthorized wire transfer.

The alert indicates that hackers are largely targeting employees of organizations in hopes of carrying out “mass data thefts,” but says individual taxpayers may also receive the phishing emails.

“The most popular method remains impersonating an executive, either through a compromised or spoofed email in order to obtain W-2 information from a Human Resource (HR) professional within the same organization," the notice says.

The Department of Homeland Security (DHS) also highlighted the uptick in W-2 phishing campaigns in an alert issued Wednesday.

Officials and experts have repeatedly warned of hacking schemes that aim to leverage tax-filing season for financial gain.

In 2016, then-IRS Commissioner John Koskinen reported a 400 percent surge in phishing and malware incidents during tax season. 

On Thursday, cybersecurity firm Kaspersky Lab released research highlighting how hackers have used spoofed websites to imitate real IRS pages and lure taxpayers to enter their data.

Kaspersky tracked clear spikes in these scams around tax-filing season in the U.S. as well as Canada and Great Britain in 2016. The researchers also reported an increase in attacks following tax season in 2017 in which hackers looked to imitate tax authority websites promising tax refunds.

Hackers have also looked to target the IRS itself, gaining access to personal data stored in as many as 700,000 taxpayers accounts back in 2015. The data included Social Security numbers, birth dates and other sensitive information that could allow criminals to impersonate real taxpayers and file fraudulent returns.