Vic Ryckaert, and Holly V. Hays

IndyStar

Monarch Beverage Co. is the second Indianapolis employer in as many weeks to fall victim to an expanding email phishing scheme targeting W-2 tax forms.

Indiana's largest distributor of beer and wine said Wednesday that one of its workers provided employee tax information via email to someone purporting to be a company official. W-2 forms list names, addresses and social security numbers of employees.

Monarch discovered the security breach Feb. 1 and alerted the FBI, IRS, the Indiana Department of Revenue and local law enforcement. It gave the affected employees three years of credit protection and monitoring services.

Monarch employs more than 600 people.

"We have taken steps to make sure this never happens again," Monarch said in a statement emailed to IndyStar. "We urge all employers to use caution when handling requests for sensitive information."

The email sender purported to be the company CEO in a Jan. 24 email to a company employee and requested the 2016 W-2 forms, a Monarch spokesman told IndyStar. The employee emailed the tax forms back.

While investigating, Monarch officials learned that the same employee had fallen for the same scheme last year, the company spokesman said.

This past week Scotty's Brewhouse said that the restaurant group had fallen victim to the same email phishing scheme. A worker emailed W-2 information on 4,000 workers to someone purporting to be Scotty's Brewhouse CEO Scott Wise, the company said.

The company set up a toll-free number for employees to call with questions and said it will give one year of free credit monitoring to affected employees.

This type of W-2 email phishing scheme emerged during the height of last year's tax season, the IRS said in a March 1 alert. On Feb. 2, the IRS issued a related alert that the scheme is spreading to sectors outside the business world, including school districts, tribal organizations and nonprofits.

"This is one of the most dangerous email phishing scams we’ve seen in a long time," IRS Commissioner John Koskinen said in the Feb. 2 alert. "It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme.’’

A "Safeguarding taxpayer data" guide for tax preparers is available at irs.gov.

Call IndyStar reporter Vic Ryckaert at (317) 444-2701. Follow him on Twitter: @vicryc. Call IndyStar reporter Holly Hays at (317) 444-6156. Follow her on Twitter: @hollyvhays.

Scammer gets W-2s for all Scotty's Brewhouse workers