Skip to Main Content
LifeLock Logo
Call us: 1-800-416-0599
Phone number Call us
Get protection

ID Theft Resources

  1. Learn
  2. ID Theft Resources
  3. W-2 Phishing Scam: What It Is and How To Help Protect Against It
Share Article
Facebook Contact Linkedin Contact
04 February, 2021
|
3 Minutes
W-2 Phishing Scam: What It Is and How To Help Protect Against It
SS

Steve Symanovich

Staff writer

+ More
Display image

 

Identity thieves would love to swipe your 2018 tax refund. One way they might try is by tricking your employer with a W-2 phishing scam.

Consider this: W-2 phishing schemes fooled more than 100 employers in the first 10 weeks of the 2017 tax season. That put more than 120,000 taxpayers at risk for identity fraud. The Internal Revenue Service warned that the scam went beyond employers to other industries and entities such as education, tribes and charities.

First, a quick definition: A W-2 phishing attack is a cyber tactic that hackers use to probe an organization’s infrastructure by sending an email from what might appear to be a top manager. The hackers might send a fake email from the CEO or CFO, for instance. Their aim is to acquire employees’ sensitive information from W-2s so they can leverage it to commit identity fraud.

How do W-2 phishing scams happen?

Tax season is a prime time for W-2 phishing scams. Here’s how they work in practice.

A fraudster might impersonate the CEO of a company in an email. The email—an “urgent” request—is sent to a staff member with access to employees’ Form W-2s.

The request might ask for employee tax information to be sent back in a single file. The email’s tone may be polite and direct—the fake exec needs the information right away.

The IRS cites this example: “Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”

Eager to please the boss, the employee gathers the tax forms and emails them back.

Mission accomplished—for the identity thief. But it can be bad news for employees who have had personal information handed over to criminals.

Why your Form W-2 needs protection

W-2s are those essential forms you include when you file your taxes. They contain information such as your name, address, Social Security number, income, and tax withholdings.

That’s just about everything a fraudster needs to commit tax-related identity theft. Tax-related identity theft occurs when someone uses your stolen Social Security number to file a tax return claiming a fraudulent refund.

And that might not be the end of it. That same information could be used to open a new credit card or take out a loan in your name.

W-2 phishing schemes have wide reach

W-2 phishing scams first surfaced in 2016. The scheme has become a lot more prevalent since then. In the first four months of 2017, 870 organizations told the IRS they received a W-2 phishing email. That compares to about 100 organizations in the same period a year earlier.

Fraudsters have taken wide aim, hitting companies, payroll service providers, hospitals, nonprofits, public schools, and universities.

In one incident, a government cybersecurity contractor fell victim to the scam. Fraudsters stole the W-2 data of all employees.

The IRS has warned W-2 phishing scams are back for the 2018 tax season. The scams can be sophisticated and convincing. That’s why employers and employees should know how to help protect against them.

5 ways to help protect against W-2 phishing scams

How can you minimize the chance of becoming a victim of a W-2 phishing scam? Company policies play a role. The individual efforts of staffers also play a role. Here are five ways to help protect against W-2 phishing schemes.

  1. Raise awareness: Employers should remind staff that it’s high season for W-2 phishing scams. Make sure employees—especially financial staff with access to tax information—know about the threat.
  2. Follow company policy: Employers often have policies about what can of information can be sent by email. This usually includes rules regarding sensitive financial information. Sometimes, for instance, top executives are not allowed to make such requests via email.
  3. Stay vigilant: If you receive an email asking for sensitive information, do not comply. Such requests might include not only tax information or payroll records, but also account numbers or passwords.
  4. Verify the sender: If you receive a request from a company executive, contact the sender by phone to help make sure the request is legitimate. Be careful about sending the information, even if the executive says it’s OK.
  5. Flag scam emails: If you receive a W-2 scam email, let your employer know. Also, forward the email to phishing@irs.gov and put “W2 Scam” in the subject line.

Taking protective measures is no guarantee you won’t fall victim to a W-2 phishing scam. So, here’s a bonus tip for this tax season: It’s smart to file your taxes early, before identity thieves do it for you.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Thumbnail Image Alt Text
Dropbox Not Hacked, But Your Account May Have Been Compromised
Dropbox said no breach had happened on its servers. “Your stuff is safe. The usernames and passwords…were stolen from unrelated services, not Dropbox.
Read More
Thumbnail Image Alt Text
Can Your Identity Be Stolen With Only a Name and Address?
Stay informed about the latest identity theft news and stories about what law enforcement and elected officials are doing to protect consumers from becoming victims.
Read More
Thumbnail Image Alt Text
Check-date fraud: Date your checks “2020” — here’s why | NortonLifeLock
If you don’t date your checks by using the full four-digit year in 2020, you could increase your chance of becoming a victim of check fraud.
Read More
Thumbnail Image Alt Text
Child Identity Theft by a Parent: What You Need to Know
Stay informed about the latest identity theft news and stories about what law enforcement and elected officials are doing to protect consumers from becoming victims.
Read More

Start your protection,
enroll in minutes.

Start membership
Get discounts, info, protection tips, and more

Sign up for promotional emails

We use the information you provide in accordance with our Global Privacy Statement.

The LifeLock Brand is part of NortonLifeLock Inc. LifeLock identity theft protection is not available in all countries.

Copyright © 2023 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.