Skip to the main content.
FAQs

Frequently asked questions.

Videos

Instructional videos about Horizon and working with our solutions.

Downloads

Helpful downloads and eBooks to empower your business.

Tax & HR Alerts

Helpful tax and HR alerts to help keep your business compliant.

Forms & Documents

Payroll and tax-related forms and documents.

Blog

Horizon's blog provides valuable insight into payroll, compliance, human resources, and more.

Success Stories

See our client success stories for a case study on how we can help your business.

Featured blog post

How Long Should Employee Onboarding Take

Featured blog post

Tips For Success With Seasonal Employees

Our Team

Payroll and HR strategy requires intelligent technology, personal attention and specialized expertise in the needs and nuances of your business. 

Clients & Industries

We provide payroll and tax processing services for businesses from 1 to 1,000 employees or more. Today, we have nearly 1,000 customers in 40 states.

3 min read

W-2 Phishing Scam Targets Small Businesses, Schools and Others

hacker-1944688_1280-444632-edited.jpg

 

As if you need one more thing to worry about this time of year, the IRS has issued an urgent alert regarding phishing scams. These scams target sensitive employee information which crooks can then use to commit various identity crimes, including filing fraudulent tax returns. These types of scams have previously targeted larger corporations but are now going for other sectors including school districts, tribal organizations, nonprofits and small to medium-sized businesses. What can you do to stay one step ahead?

Understand How W-2 Phishing Scams Targets Data & Funds

One scheme, which the IRS refers to as "one of the most dangerous email phishing scams we've seen in a long time," targets HR and payroll departments with the intent of stealing employee data. The scam is referred to as business email compromise (BEC) or business email spoofing (BES). Cybercriminals pull off BEC or BES by posing as company executives, requesting W-2s or other personal employee information from HR or payroll departments.

This BEC scam first appeared last year and, based on reports, has gained momentum in recent weeks. Additionally, as these criminals become emboldened, they pursue access to funds as well as data.  This year, cybercriminals have begun to follow up on fraudulent requests for employee data with a second spoofed executive email requesting funds be wired to a specified account. Companies have lost employee W-2s and thousands of dollars to these scams. 

There are several other spoofing scams that have materialized over the past few years focused on theft of sensitive tax information. Individual taxpayers have been hit, as well as tax professionals themselves. However, cybercriminals appear to be shifting tactics - they're targeting more businesses in order to acquire larger stores of data.

What Can Employers Do

Employers are urged to share information about these scams with their payroll, finance and human resources employees. Employers are also advised to strictly enforce internal policies around the transferring of funds and distribution of W-2s or other sensitive information.  Additional actions you can take include:

  • Educate your staff about various online and phishing scams. The IRS's Identity Protection: Prevention, Detection and Victim Assistance website includes guidance on how to report a scam.
  • If you or one of your employees receive a suspicious email, DO NOT REPLY, OPEN ANY ATTACHMENTS or CLICK ANY LINKS. Forward the email as is to phishing@irs.gov with the subject 'W2 Scam." Then, delete the original email.
  • If you or one of your employees receive an unexpected phone call from someone claiming to be from the IRS, write down their name and badge number. Call 1-800-366-4484 to determine if the caller is an lRS employee with a reason to call you.
  • If you receive an unexpected letter, written notice or fax from the IRS,  determine whether or not it's legitimate. You can do this on the IRS home page or the Understanding Your Notice or Letter page. Keep in mind that fraudulent letters, notices and forms often look like the real thing. If you suspect that you really do owe taxes or need to verify that the IRS is trying to reach you, call them at 1-800-829-1040.
  • Be cautious when searching for tax professionals or technical assistance online. The IRS offers resources to help find reliable assistance.
  • Use Federal Trade Commission free resources that help businesses manage data security and safeguard employee's personal information.

If Your Data Has Been Breached

The Federal Trade Commission has a free guide that advises businesses on responding to a data breach. The guide provides suggestions on how to:

  • Move quickly to secure your system
  • Where to start fixing vulnerabilities
  • Determine who needs to be notified and how to do it

Employees whose W-2s have been stolen can find help on the Federal Trade Commission website. If an employee's tax return is rejected due to a duplicate Social Security number, he/she should file an Identity Theft Affidavit (IRS Form 14039).

We're here to help

Although we can't prevent scam artists and cybercriminals from targeting your company or organization, we are here to help in any way we can.  For example, our payroll solutions offer integration with TurboTax. This feature allows W-2 data to be transmitted via an encrypted, secure connection to the TurboTax servers for automatic download if your employees elect to use the tax filing software and choose to import their W-2 data automatically.  

Our 24 hour HR On Demand service is there to answer questions about your business 24 hours a day.  As you develop policies, respond to requests, or develop your action/reaction plan, our seasoned HR professionals offer guidance based on Human Resources laws and best practices.  

And our LifeLock protection solution offers proactive identity theft protection.  Although this service will not in and of itself prevent identity theft if personal employee data is breached by a scam described in this blog post, LifeLock offers comprehensive and innovative monitoring service that will alert an employee as soon as a problem is detected based on a myriad of other ways all of our identities are at risk today.  The more quickly your staff are made aware their identity has been compromised, the more quickly they can shut down the fraud.  Also, once alerted, if additional action is required, Certified Resolution Specialists are available to handle each case every step of the way. In fact, LifeLock will spend up to $1 million to hire the experts necessary.

Learn more about our payroll solutions

Taxes, Wages and ACA Compliance: Don’t Drop the Ball in the New Year

5 min read

Taxes, Wages and ACA Compliance:  Don’t Drop the Ball in the New Year

2018 is coming fast! Are you paying attention to the changes and deadlines that are right around the corner? Our tips will help you navigate...

Read More
Ready or Not, 2019 is Almost Here!

3 min read

Ready or Not, 2019 is Almost Here!

It might be hard to believe, but 2018 is drawing to a close. Right now your company may be preparing for a slow-down during the holiday season,...

Read More
Imminent Changes to New Federal Overtime Laws

6 min read

Imminent Changes to New Federal Overtime Laws

After the recent management shift at the Department of Labor, experts are encouraging businesses to prepare sooner than later for upcoming changes to...

Read More