

Beware W-2 Phishing Scams


Over the years the number of tax returns efiled has increased, and is expected to be around 91% of all filed returns this year. Efiling is usually quick and easy and can be done from anywhere.

This makes efiling a target for identity thieves. These thieves gain access to taxpayer information by email phishing scams, then use that data to immediately efile tax returns, routing tax refunds to their own bank accounts. The unsuspecting victim finds out when he tries to file his taxes and is told they have already been filed.

While this is a huge problem for taxpayers, it is an even bigger problem for their employers.

Here’s How It Happens

While some data breaches are hacks, many data breaches are actually human error. These breaches typically involve email phishing that seems like it would be easy to avoid.

Companies that have reported breaches in 2015 include Care.com, Seagate, and Snapchat. These companies would seem to be tech-savvy, so how did they get phished?

Someone within these and other companies received an email from a person who appeared to be the CFO, the CEO or another high-ranking company official. The email requests that the sender be provided with information about payroll and employees, as in these examples provided by the IRS:

  • Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
  • Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, and Salary).
  • I want you to send me the list of W-2 copy of employee’s wage and tax statement for 2016, I need them in PDF file type, and you can send it as an attachment. Kindly prepare the lists and email them to me asap.

Once the information is transmitted to the sender, the thieves immediately go to work efiling tax returns based on the information. Refunds are routed to the thieves and their victims find out when they try to file their taxes later.

Here’s How You Can Prevent It

The emails may come from a spoofed account posing as a company official, or from a third-party company requesting this information for review or audit purposes. Spoofed emails are sometimes hard to spot, because the change can be as simple as replacing a lowercase L with the number 1, or an uppercase O with a zero, or changing the company website name just enough that it goes unnoticed. Scammers may also specify a “reply-to” email address that is different from the one the email originally came from.
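The two signals described above (a look-alike sender domain and a mismatched reply-to address) can be checked automatically. The following is an added example, not part of the original article; the domain `example-corp.test`, the sample messages and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organisation's real mail domain (placeholder on a reserved TLD).
COMPANY_DOMAIN = "example-corp.test"

# Digit-for-letter swaps of the kind the article names (1 for l, 0 for O), plus two more.
LOOKALIKES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def domain_of(header_value):
    """Return the lowercased domain of an address header, or '' if the header is absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()


def skeleton(domain):
    """Collapse look-alike characters so a swapped-digit domain compares equal to the real one."""
    return domain.translate(LOOKALIKES)


def check_message(raw):
    """Return the list of spoofing signals found in one raw message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    findings = []
    # Not our domain, but indistinguishable from it once the swaps are undone.
    if from_dom != COMPANY_DOMAIN and skeleton(from_dom) == skeleton(COMPANY_DOMAIN):
        findings.append("lookalike-from-domain")
    # Replies would go somewhere other than the apparent sender's domain.
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-mismatch")
    return findings


# Constructed sample messages.
SPOOFED = ("From: CEO <ceo@examp1e-c0rp.test>\nTo: payroll@example-corp.test\n"
           "Subject: W-2 review\n\nKindly send me the W-2 of all staff.\n")
REPLY_TO = ("From: CEO <ceo@example-corp.test>\nReply-To: ceo.office@mailbox.test\n"
            "To: payroll@example-corp.test\nSubject: Employee list\n\nSend asap.\n")
CLEAN = ("From: CEO <ceo@example-corp.test>\nTo: payroll@example-corp.test\n"
         "Subject: Lunch\n\nSee you at noon.\n")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("reply-to", REPLY_TO), ("clean", CLEAN)):
        print(name, check_message(raw))
```

A reply-to mismatch also occurs in legitimate mail such as mailing lists, so treat either finding as a reason to verify the request by phone rather than as proof of fraud.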

Large and small businesses alike should work to be sure that payroll and tax information is kept confidential. How can your employees help safeguard information?

  1. Ask for help. If a CEO or CFO does not typically request this information, the request may be fraudulent. The employee should ask a manager or CALL the requestor to verify they need the information. Your employees should be empowered to challenge these requests for sensitive information.
  2. When responding to these requests, hit reply and then delete the email address for the recipient. Retype the recipient’s email address to be sure it is going to the right place.
  3. Use secure channels to transmit information. If your company has secure channels to send confidential data to employees or third parties, those should always be used, even if it requires a few more clicks.
  4. Third party vendor information requests should always be questioned. If an employee does not typically deal with third party vendors, the email should be directed to the proper manager within the department.

Here’s What To Do If It Happens to You

Mistakes happen, especially during a busy tax season when your accounting department is working hard to provide tax forms to your employees and independent contractors. Tax refund fraud was estimated at $21 billion in 2015, so thieves have a lot of motivation.

Unfortunately, if your company is hit by phishing scams, you could be on the hook for financial losses to your employees. In addition, the costs of notifying employees, forensic accounting and other expenses associated with a data breach add up. You will even need to provide credit monitoring for your employees for up to one year, since their confidential information is no longer confidential.

The good news is, you can protect yourself. Cyber Liability insurance policies can be a valuable addition to your company’s insurance portfolio. Cyber Liability covers costs associated with notification, employee financial losses and more. Hayes Brokers can help you design the Cyber Liability policy to fit your company’s needs.

