This is a Thought Leadership Article by PrimeGlobal member firm Allen, Gibbs & Houlik, L.C. (AGH) which provides an update on the single audit micro-purchases threshold.

With the ongoing risk of identity theft and W-2 scams, a recent news release from the IRS reminds employers to protect employee information and how to report scams.

The W-2 scam in particular has become more prevalent and dangerous. Here’s how it often works:

  • A payroll or human resources employee receives an email that appears to be from a supervisor or executive.
  • The email usually has a casual and conversational approach, simply asking if the employee is in the office that day, for example. By the end of the email exchange, the sensitive data is requested – perhaps tagged as a need for verification purposes – and all of an organization's Forms W-2 for their employees are in the hands of cybercriminals.
  • Because the payroll or HR employee believes they are responding to an internal request, it may take weeks to realize the data theft has occurred.

What to do if you've been scammed

Due to the threat to taxpayers, a special IRS reporting process has been established. The following is a list of reporting instructions for impacted employers:

  1. Notify the IRS of a W-2 data loss by sending an email to To ensure the email can be routed properly, list the subject line as “W2 Data Loss” and include your contact information. Do not include or attach any employee personally identifiable information.
  2. Get information on how to report victim information to the states by sending an email to the Federation of Tax Administrators at
  3. File a complaint with the FBI’s Internet Crime Complaint Center at Businesses and payroll service providers may be asked to file a report with their local law enforcement agency as well.
  4. Forward the scam email to

Finally, the IRS advises employers act quickly and notify employees. The employee may then take steps to protect themselves from identity theft. The Federal Trade Commission's website provides guidance on steps to take.

As we shared in this recent alert, employers should also be aware that they can be responsible for damages in such phishing scams.

How to protect your organization from such scam or phishing threats

Phishing exploits human weaknesses even more than technical vulnerabilities. If you want to effectively protect your network from phishing attacks, address the human source of the problem. This can be addressed first and foremost through educating and training your employees. Most employees are willing to help, but won’t be able to if they don’t know how.

At AGH, our technology professionals are equipped with the tools necessary to help educate your staff on the dangers of phishing and reduce their susceptibility to attacks, as well as how to improve their handling of sensitive information. Our training addresses your employees’ vulnerabilities and leaves them better prepared to protect your information assets.

Additionally, consider consulting with experts at AGH before a cyber crisis happens. An incident response plan and mitigation efforts can help your company recover more quickly and with less disruption should a cyber security incident occur. Finally, the AGH team is prepared to assist in emergency situations as well. Notify us immediately should you find your organization’s data has been compromised. If you'd like more information on protecting your employees' information or payroll processes from phishing threats, contact AGH.

Content by:

Allen, Gibbs & Houlik, L.C.

Built on the foundation of a strong audit and tax practice and driven by client need, Allen, Gibbs & Houlik, L.C. (AGH) offers a broad range of advisory services in multiple industry sectors. AGH looks forward to the opportunity to help and exchange knowledge within the PrimeGlobal member firms. Outside the “traditional” accounting arena, client needs led AGH to create advisory services addressing those concerns. AGH Employer Solutions helps clients recruit, compensate, engage and retain talent, handle payroll or provide an outsourced CFO/controller. AGH Advisors walks companies through business transitions, mergers and acquisitions, from analyzing options to post-merger operation.

Learn more