W-2 wage statements became available online this week and every year several convincing phishing messages are crafted by tax scammers and sent to Campus to trick victims into giving out personal information. Taxpayers should continue to watch out for fake emails and/or websites looking to steal personal information during the 2019 filing season.
Be wary of any message asking for W-2 or other tax information. Additionally, during the UCPath conversion scammers may send emails with fraudulent links. Do not open any attachments or click on any email links. The UC does not send tax statements to employees by email or text. If you receive an email or text that has an attachment to view your W-2 or other tax statement, it is a phishing scam designed to gain your private information. Be extra alert during this time of transition.
Over the past few years, tax scams were primarily seen in two forms on campus:
- Extremely authentic looking emails impersonating UC communications about how to access your W-2 statement.
- These emails looked almost exactly like the genuine UC emails, but contained a harmful link intended to steal passwords and personal information.
- Emails direct to financial and payroll employees requesting copies of employee W-2 forms.
- These emails looked like they were from executive management, such as the UC President, or the head of Financial Affairs, and requested copies of employee W-2 forms for review purposes.
To protect yourself against harmful links, use these tips:
If you have consented to having an electronic copy of your W-2 statement made available online, it will only be available directly on the At Your Service Online (AYSO) website. AYSO is hosted by the University of California, Office of the President and should only be accessed using the following address:https://atyourserviceonline.ucop.edu/ayso/
- To avoid clicking on a harmful link in a potential phishing message, manually enter the AYSO address into your browser's address bar when you are ready to download your W-2 form:
- Alternatively, you may access AYSO directly from the Blu Self-Service portal (left-hand menu) at: https://blu.berkeley.edu
(Note: Campus VPN and CalNet ID login are required for off-campus access to Blu)
- Report any suspicious emails by forwarding them with full headers to firstname.lastname@example.org.