Beware W2 phishing again this year

Register now

Tax authorities warn employers again this year about a W-2 phishing scam that victimized organizations — and thousands of employees — last year.

During the last two tax seasons, cyber-crooks conned payroll personnel or those with access to payroll information into disclosing sensitive information for entire workforces from small and large businesses to public schools and universities, hospitals, tribal governments and charities.

Cybercriminals pinpoint chief operating officer, school executives or others in authority. Fraudsters pose as execs to e-mail payroll personnel, requesting copies of W-2s for all employees. Criminals use that information to file fake returns or sell it on the Dark Net. The scam may open with a friendly exchange before the fraudster asks for W-2 information. In several cases, fraudsters who acquired the information immediately followed up with a request for a wire transfer.

Reports of this scam jumped to some 900 in 2017, compared with slightly more than 100 in 2016. Last year, more than 200 employers were victimized.

The Internal Revenue Service and its Security Summit partners are urging employers to consider a policy to limit the number of employees who can handle W-2 requests and require additional verification procedures. If victims notify the IRS, the agency can also help protect employees from tax-related ID theft. It can also take weeks for businesses and organizations to realize they’ve been scammed.

Employers can report W-2 data thefts to They should type “W2 Data Loss” in the subject line, attach no employee personally identifiable information, and include:

  • The business name and EIN associated with the data loss;
  • A contact name and phone number;
  • A summary of how the data loss occurred; and,
  • The volume of employees impacted.

Businesses and organizations that fall victim to the scam or that only receive a suspect email can send the full e-mail headers to, using “W2 Scam” in the subject line.

For reprint and licensing requests for this article, click here.
Phishing Tax scams Cyber attacks Tax-related ID theft Data breaches Tax season IRS