<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=690758617926394&amp;ev=PageView&amp;noscript=1">
Skip to content

Protect yourself from the latest W-2 phishing scam

January 30, 2017

Written by Complete Payroll

w 2 phishing scam digital

There's currently an active phishing scheme that's targeting payroll processing and HR firms and attempting to steal sensitive W-2 information.

The scam

Just like the phishing schemes from early 2016, requests for W-2 information seem like they're coming from an executive within your own company - but they're actually from cybercriminals who are trying to steal Social Security Numbers and other information.

Here's an example of what this phishing email looks like...

W-2 phishing scam.png

The email may include requests for individual W-2 forms, earnings summaries and/or an updated list of employees with full details (including their Social Security Number, date of birth, home address and salary).

How to avoid being scammed

Here are some steps you can take to prevent these cybercriminals from obtaining sensitive information from you and your employees...

  • Call the manager or executive who "emailed" you to confirm they actually made the request. If this person isn't someone you know well or work closely with, call them from the number listed in your company directory, not the phone number provided in the email.
  • Check the "from" email address. Once again, these W-2 phishing emails seem like they're coming from someone within your company, but they're not. That means the email address might look similar, but it's not the exact same as your co-worker's email address. In fact, it may even vary from your company's standard email address format.
  • When in doubt, say something. If you're not sure what to do, it never hurts to ask the opinion of another co-worker, preferably your superior. When it comes to protecting sensitive information, you can never be too careful.

What the IRS has to say

The IRS issued an alert on March 1, 2016 - right around the time when a similar W-2 phishing scam was going around.

“This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data. Now the criminals are focusing their schemes on company payroll departments,” said IRS Commissioner John Koskinen. “If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”

Essentially, the IRS has advised all businesses and tax preparers to know that this W-2 phishing scam exists - and to prepare for it by being extra careful.

After seeing a 400% increase in phishing and malware incidents during the 2016 tax season, the IRS also launched a public awareness campaign to encourage everyone to do more to protect personal, financial and tax data. The campaign is called - Taxes. Security. Together. 

Subscribe to our newsletter

DISCLAIMER: The information provided herein does not constitute the provision of legal advice, tax advice, accounting services or professional consulting of any kind. The information provided herein should not be used as a substitute for consultation with professional legal, tax, accounting, or other professional advisers. Before making any decision or taking any action, you should consult a professional adviser who has been provided with all pertinent facts relevant to your particular situation and for your particular state(s) of operation.

Get The Newsletter

Bi-weekly on Thursdays. We compile HR best practices, labor law updates & other content to help you pay and manage your workforce more effectively.

Complete Payroll Circle Logo
Ready to Make the Move to Payroll Country?

Get a Quote

Related Posts