<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Lucida Calligraphy";
panose-1:3 1 1 1 1 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri","sans-serif";}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1026175080;
mso-list-template-ids:1867944176;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Good afternoon Section 218 Employers:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Below is a timely reminder from the IRS related to Form W-2 scams which occur during the January tax season. Several Oregon public entities were victimized by this particular scam in 2017.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thank you.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Lucida Calligraphy"">Pamella<o:p></o:p></span></p>
<p class="MsoNormal">Pamella Johnson<o:p></o:p></p>
<p class="MsoNormal">Oregon State Social Security Administration<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:8.0pt;font-family:"Lucida Calligraphy"">*</span><span style="font-size:8.0pt">****CONFIDENTIALITY NOTICE*****<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt">All information in this email, including attachments, is approved solely for delivery to and authorized use by its intended recipients. Use, dissemination, distribution, or reproduction of this message and/or
any of its attachments by unintended recipients is not authorized and may be unlawful. If you are not an intended recipient of this message or an authorized assistant to an intended recipient, please notify the sender by replying to this message and then delete
it from your system.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:8.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p align="center" style="text-align:center"><strong><span style="font-size:18.0pt">IRS, States and Tax Industry Warn Employers to Beware of Form W-2 Scam; Tax Season Could Bring New Surge in Phishing Scheme</span></strong><o:p></o:p></p>
<p>WASHINGTON – The Internal Revenue Service, state tax agencies and the tax industry today urged all employers to educate their payroll personnel about a Form W-2 phishing scam that made victims of hundreds of organizations and thousands of employees last
year.<o:p></o:p></p>
<p>The Form W-2 scam has emerged as one of the most dangerous phishing emails in the tax community. During the last two tax seasons, cybercriminals tricked payroll personnel or people with access to payroll information into disclosing sensitive information
for entire workforces. The scam affected all types of employers, from small and large businesses to public schools and universities, hospitals, tribal governments and charities.<o:p></o:p></p>
<p>Reports to <a href="mailto:phishing@irs.gov">phishing@irs.gov</a> from victims and nonvictims about this scam jumped to approximately 900 in 2017, compared to slightly over 100 in 2016. Last year, more than 200 employers were victimized, which translated
into hundreds of thousands of employees who had their identities compromised.<o:p></o:p></p>
<p>By alerting employers now, the IRS and its partners in the <a href="http://links.govdelivery.com:80/track?type=click&enid=ZWFzPTEmbWFpbGluZ2lkPTIwMTgwMTE3LjgzODUxMzcxJm1lc3NhZ2VpZD1NREItUFJELUJVTC0yMDE4MDExNy44Mzg1MTM3MSZkYXRhYmFzZWlkPTEwMDEmc2VyaWFsPTE3MTY4Njg2JmVtYWlsaWQ9cGFtZWxsYS5qb2huc29uQHN0YXRlLm9yLnVzJnVzZXJpZD1wYW1lbGxhLmpvaG5zb25Ac3RhdGUub3IudXMmZmw9JmV4dHJhPU11bHRpdmFyaWF0ZUlkPSYmJg==&&&127&&&https://www.irs.gov/privacy-disclosure/security-summit">
Security Summit effort</a> hope to limit the success of this scam in 2018. The IRS last year also created a new process by which employers should report these scams. There are steps the IRS can take to protect employees, but only if the agency is notified immediately
by employers about the theft.<o:p></o:p></p>
<p>Here’s how the scam works: Cybercriminals do their homework, identifying chief operating officers, school executives or others in positions of authority. Using a technique known as business email compromise (BEC) or business email spoofing (BES), fraudsters
posing as executives send emails to payroll personnel requesting copies of Forms W-2 for all employees.<o:p></o:p></p>
<p>The Form W-2 contains the employee’s name, address, Social Security number, income and withholdings. Criminals use that information to file fraudulent tax returns, or they post it for sale on the Dark Net.<o:p></o:p></p>
<p>The initial email may be a friendly, “hi, are you working today” exchange before the fraudster asks for all Form W-2 information. In several reported cases, after the fraudsters acquired the workforce information, they immediately followed that up with a
request for a wire transfer.<o:p></o:p></p>
<p>In addition to educating payroll or finance personnel, the IRS and Security Summit partners also urge employers to consider creating a policy to limit the number of employees who have authority to handle Form W-2 requests and that they require additional
verification procedures to validate the actual request before emailing sensitive data such as employee Form W-2s.<o:p></o:p></p>
<p>If the business or organization victimized by these attacks notifies the IRS, the IRS can take steps to help prevent employees from being victims of tax-related identity theft. However, because of the nature of these scams, some businesses and organizations
did not realize for days, weeks or months that they had been scammed. <o:p></o:p></p>
<p>The IRS established a special email notification address specifically for employers to report Form W-2 data thefts. Here’s how Form W-2 scam victims can notify the IRS:<o:p></o:p></p>
<ul type="disc">
<li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
Email <a href="mailto:dataloss@irs.gov">dataloss@irs.gov</a> to notify the IRS of a Form W-2 data loss and provide contact information, as listed below.<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
In the subject line, type “W2 Data Loss” so that the email can be routed properly. Do not attach any employee personally identifiable information data.<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
Include the following:<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
Business name<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
Business employer identification number (EIN) associated with the data loss<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
Contact name<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
Contact phone number<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
Summary of how the data loss occurred<o:p></o:p></li><li class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;mso-list:l0 level1 lfo1">
Volume of employees impacted<o:p></o:p></li></ul>
<p>Businesses and organizations that fall victim to the scam and/or organizations that only receive a suspect email but do not fall victim to the scam should send the full email headers to
<a href="mailto:phishing@irs.gov">phishing@irs.gov</a> and use “W2 Scam” in the subject line.<o:p></o:p></p>
<p>Employers can learn more at <a href="http://links.govdelivery.com:80/track?type=click&enid=ZWFzPTEmbWFpbGluZ2lkPTIwMTgwMTE3LjgzODUxMzcxJm1lc3NhZ2VpZD1NREItUFJELUJVTC0yMDE4MDExNy44Mzg1MTM3MSZkYXRhYmFzZWlkPTEwMDEmc2VyaWFsPTE3MTY4Njg2JmVtYWlsaWQ9cGFtZWxsYS5qb2huc29uQHN0YXRlLm9yLnVzJnVzZXJpZD1wYW1lbGxhLmpvaG5zb25Ac3RhdGUub3IudXMmZmw9JmV4dHJhPU11bHRpdmFyaWF0ZUlkPSYmJg==&&&128&&&https://www.irs.gov/individuals/form-w2-ssn-data-theft-information-for-businesses-and-payroll-service-providers">
Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers</a>.<o:p></o:p></p>
<p>Employers should be aware that cybercriminals’ scams constantly evolve. Finance and payroll personnel should be alert to any unusual requests for employee data.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>