Close this search box.

Cyber Security Alert: W-2 Phishing Scams

IT employee performing wiring maintenance in an IT closet.

W-2 Phishing Scams Target Payroll Departments in Pursuit of Employee Data

Don’t rush through your unread emails this tax season. Sophisticated W-2 phishing scams are likely to hit your inbox soon.

For several years now, cyber criminals have successfully used sophisticated social engineering tactics to dupe hundreds of payroll and HR departments into providing W-2 data on their employees, which results in the filing of fraudulent tax returns, identity theft cases, and even class-action lawsuits against the company.

Who’s Targeted: Payroll & HR Departments; Accounting Firms & CPAs

Who’s Sending: Sophisticated, career cyber criminals interested in profiting through the sale of bulk W-2 and identity information

The Consequences: Fraudulent tax returns, identity theft, class-action lawsuits

Successful attacks are incredibly disruptive to employees, extremely expensive for employers—and completely avoidable with awareness training.

What to Look Out For

The typical W-2 phishing email is spoofed to look like it is from a high-level executive and asks the employee to provide W-2 or other tax-related information either by replying to the phishing email, by sending the information to another email address, or to upload it to a server owned by the bad guys.

In many instances, the request for the information comes with a high sense of urgency, which compels the employee to act quickly. Plus, the appearance of the emails are designed to be replicas of legitimate emails from the executive and often contain the actual signature block.

Urgency coupled with the appearance of authenticity often cause the recipient to act without second thought.

How to Keep Your Employees From Falling for W-2 Scams

Warn your employees to “Think Before They Click” and to follow proper procedure—especiallywhen the email contains a strange request and appears to be from the CEO.

Inoculate Your Employees With Security Awareness Training

Corsica Technologies provides simulated phishing training and online security awareness training to businesses seeking to bolster their security through employee education. If you’re already a Security Awareness Training customer, you have access to ready-to-send W-2 phishing templates similar to the one below to train employees with access to employee W-2 information.

What To Do If Your Company Receives a W-2 Phishing Email

Do: Forward the email to phishing@irs.gov and place “W2 Scam” in the subject line

Don’t: Reply or forward the email to other employees or executives

Organizations that receive the scams or fall victim to them should file a complaint with the Internet Crime Complaint Center (IC3,) operated by the FBI.

Employees whose Forms W-2 have been stolen should review the recommended actions by the Federal Trade Commission at www.identitytheft.gov or the IRS at www.irs.gov/identitytheft.

Employees should file a Form 14039 (PDF) Identity Theft Affidavit, if the employee’s own tax return rejects because of a duplicate Social Security number or if instructed to do so by the IRS. As a rule of thumb, file your taxes quickly.

Interested in preparing your employees for sophisticated phishing attempts? Email us and ask us about a demo of our simulated phishing tool. 

Corsica Technologies
Corsica provides personalized service and a virtual CIO (vCIO) who serves as a strategic advisor. When it comes to the complex integration of solutions for IT and cybersecurity, the whole is greater than the sum of its parts. We offer cybersecurity solutions, managed services, digital transformation, resale services, and one-off technology projects. Corsica unifies any combination of these services into a complete, seamless solution.

Related Reads

Sign Up For Our Newsletter

Stay up-to-date on the Managed Services and Cybersecurity landscape, and be the first to find out about events and special offers.