Published: March 06, 2024
3 Minutes

W-2 Phishing Scam: What It Is and How To Help Protect Against It


Steve Symanovich

Staff writer

+ More
Woman working on a computer to protect against a W-2 phishing scam.

Identity thieves would love to swipe your 2024 tax refund. One way they might try is by tricking your employer with a W-2 phishing scam.

First, a quick definition: A W-2 phishing attack is a cyber tactic that hackers use to probe an organization’s infrastructure by sending an email from what might appear to be a top manager. The hackers might send a fake email from the CEO or CFO, for instance. Their aim is to acquire employees’ sensitive information from W-2s so they can leverage it to commit identity fraud.

How do W-2 phishing scams happen?

Tax season is a prime time for W-2 phishing scams. Here’s how they work in practice.

A fraudster might impersonate the CEO of a company in an email. The email—an “urgent” request—is sent to a staff member with access to employees’ Form W-2s.

The request might ask for employee tax information to be sent back in a single file. The email’s tone may be polite and direct—the fake exec needs the information right away.

For example, they might say something like: “Kindly send me the individual 2024 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”

Eager to please the boss, the employee gathers the tax forms and emails them back.

Mission accomplished—for the identity thief. But it can be bad news for employees who have had personal information handed over to criminals.

Why your Form W-2 needs protection

W-2s are those essential forms you include when you file your taxes. They contain information such as your name, address, Social Security number, income, and tax withholdings.

That’s just about everything a fraudster needs to commit tax-related identity theft. Tax-related identity theft occurs when someone uses your stolen Social Security number to file a tax return claiming a fraudulent refund.

And that might not be the end of it. That same information could be used to open a new credit card or take out a loan in your name.

W-2 phishing schemes have wide reach

W-2 tax scams first surfaced in 2016 and since then fraudsters have taken wide aim, hitting companies, payroll service providers, hospitals, nonprofits, public schools, and universities.

In one incident, a government cybersecurity contractor fell victim to the scam. Fraudsters stole the W-2 data of all employees.

W-2 phishing scams are back for the 2024: According to the CyberRisk Alliance, W-2 frauds already increased by 130% between December 2023 and January 2024. The scams can be sophisticated and convincing. That’s why employers and employees should know how to help protect against them.

5 ways to help protect against W-2 phishing scams

How can you minimize the chance of becoming a victim of a W-2 phishing scam? Company policies play a role. The individual efforts of staffers also play a role. Here are five ways to help protect against W-2 phishing schemes.

  1. Raise awareness: Employers should remind staff that it’s high season for W-2 phishing scams. Make sure employees—especially financial staff with access to tax information—know about the threat.
  2. Follow company policy: Employers often have policies about what can of information can be sent by email. This usually includes rules regarding sensitive financial information. Sometimes, for instance, top executives are not allowed to make such requests via email.
  3. Stay vigilant: If you receive an email asking for sensitive information, do not comply. Such requests might include not only tax information or payroll records, but also account numbers or passwords.
  4. Verify the sender: If you receive a request from a company executive, contact the sender by phone to help make sure the request is legitimate. Be careful about sending the information, even if the executive says it’s OK.
  5. Flag scam emails: If you receive a W-2 scam email, let your employer know. Also, forward the email to and put “W2 Scam” in the subject line.

Taking protective measures is no guarantee you won’t fall victim to a W-2 phishing scam. So, here’s a bonus tip for this tax season: It’s smart to file your taxes early, before identity thieves do it for you.

Editorial note: Our articles provide educational information for you. LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Dropbox Not Hacked, But Your Account May Have Been Compromised
Dropbox said no breach had happened on its servers. “Your stuff is safe. The usernames and passwords…were stolen from unrelated services, not Dropbox.
Read More
What Is the Dark Web and Other Deep Web Terms
Check out this expansive glossary of terms to gain a better understanding of how the dark web works.
Read More
What Is Medical Identity Theft?
Medical identity theft occurs when someone steals your personal information and uses it to obtain medical services, treatment or drugs. Learn more.
Read More
What Is Shoulder Surfing?
Shoulder surfing can lead to financial wipeout—yours. What is shoulder surfing? A dangerous sport, if you’re the victim.
Read More

Start your protection,
enroll in minutes.

Get discounts, info, protection tips, and more.

Sign up for promotional emails.