Phishing for W2’s: Cybersecurity Warning for Your Taxes

Learn More
< Back to Insights
Insights  <  Phishing for W2’s: Cybersecurity Warning for Your Taxes

Last year’s W-2 employee tax record scam is back and better than ever. The IRS warns that this common phishing attack against corporations, in which copies of your tax forms are requested, now has bigger ambitions than years past, opening its hacking arms to school districts, temporary staffing agencies, healthcare agencies, chain restaurants and non-profit and tribal organizations.

Every tax season, W-2 attacks circulate, so what makes this year so special? Insert wire transfer schemes. This year, the U.S. Internal Revenue Service has issued an “urgent alert” regarding this new, upgraded, “hybrid” attack. In years past, crooks impersonated the CEO or another corporate “higher up” via email and requested a copy of employee tax forms from their payroll/human resources staff or comptroller. But this year, attacks have been kicked up a notch with the added requests of wire transfers. These 2017 attacks generally hit organizations in two emails, one requesting the tax forms and one requesting a follow-up wire transfer.

IRS Commissioner, John Koskinen, warns companies of the danger with these attacks this year. “This is one of the most dangerous email phishing scams we’ve seen in a long time” he explained, adding, “Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars.”

W-2 forms contain essentially all of the data a scammer needs to file a false tax refund request using the victim’s name, employer name and ID, address, social security number and wage and withholding information.  All of this valuable information and scammers have been noted to sell these W-2 forms and records for as low as $4 to $20 each.

So what should your business or organization do to stay vigilant against these attacks this year and in the years ahead?

Keep these cybersecurity tips in mind:

Two-step or Two-factor authentication for verifying significant banking transactions. The FBI (and blum) urges businesses to adopt this method to ensure that the right people are communicating and authorizing payments. Consider two-factor authentication for email, telephone calls, or text codes to verify in two ways that you are talking to the right person. If you can’t implement two-factor authentication, independently contact the requesting party using contact information you already have on file.

Keep a “Low Internet Profile.” Businesses are being advised to avoid posting and publishing information about employee travel and activities online and on social media. Fraud schemers look for times when execs are traveling or are outside of the office.

Report suspicious phishing attempts. Organizations receiving a W-2 scam email should forward it to and place “W2 Scam” in the subject line. Organizations that receive the scams or fall victim to them should file a complaint with the Internet Crime Complaint Center (IC3) operated by the Federal Bureau of Investigation. The IRS website has several recommended actions for those whose W-2 forms have been stolen, so to make sure you’ve done all you can, go to

As you prepare to help your employees get going this tax season, be sure to stay “on alert” and educate your payroll, human resources, and financial staff about the latest W-2 phishing attacks. Double check where your emails are coming from and be extra vigilant before approving a wire transfer. Here’s to a healthy and hack-free 2017 tax season!

Disclaimer: Any written tax content, comments, or advice contained in this article is limited to the matters specifically set forth herein. Such content, comments, or advice may be based on tax statutes, regulations, and administrative and judicial interpretations thereof and we have no obligation to update any content, comments or advice for retroactive or prospective changes to such authorities. This communication is not intended to address the potential application of penalties and interest, for which the taxpayer is responsible, that may be imposed for non-compliance with tax law.


Continue the Conversation with Our Team
Get in touch with us.

Contact Us