Skip to Main Content

W-2 Phishing Scam: What It Is and How To Help Protect Against It

Woman working on a computer to protect against a W-2 phishing scam.

Identity thieves would love to swipe your 2024 tax refund. One way they might try is by tricking your employer with a W-2 phishing scam.

First, a quick definition: A W-2 phishing attack is a cyber tactic that hackers use to probe an organization’s infrastructure by sending an email from what might appear to be a top manager. The hackers might send a fake email from the CEO or CFO, for instance. Their aim is to acquire employees’ sensitive information from W-2s so they can leverage it to commit identity fraud.

How do W-2 phishing scams happen?

Tax season is a prime time for W-2 phishing scams. Here’s how they work in practice.

A fraudster might impersonate the CEO of a company in an email. The email—an “urgent” request—is sent to a staff member with access to employees’ Form W-2s.

The request might ask for employee tax information to be sent back in a single file. The email’s tone may be polite and direct—the fake exec needs the information right away.

For example, they might say something like: “Kindly send me the individual 2024 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”

Eager to please the boss, the employee gathers the tax forms and emails them back.

Mission accomplished—for the identity thief. But it can be bad news for employees who have had personal information handed over to criminals.

Why your Form W-2 needs protection

W-2s are those essential forms you include when you file your taxes. They contain information such as your name, address, Social Security number, income, and tax withholdings.

That’s just about everything a fraudster needs to commit tax-related identity theft. Tax-related identity theft occurs when someone uses your stolen Social Security number to file a tax return claiming a fraudulent refund.

And that might not be the end of it. That same information could be used to open a new credit card or take out a loan in your name.

W-2 phishing schemes have wide reach

W-2 tax scams first surfaced in 2016 and since then fraudsters have taken wide aim, hitting companies, payroll service providers, hospitals, nonprofits, public schools, and universities.

In one incident, a government cybersecurity contractor fell victim to the scam. Fraudsters stole the W-2 data of all employees.

W-2 phishing scams are back for the 2024: According to the CyberRisk Alliance, W-2 frauds already increased by 130% between December 2023 and January 2024. The scams can be sophisticated and convincing. That’s why employers and employees should know how to help protect against them.

5 ways to help protect against W-2 phishing scams

How can you minimize the chance of becoming a victim of a W-2 phishing scam? Company policies play a role. The individual efforts of staffers also play a role. Here are five ways to help protect against W-2 phishing schemes.

  1. Raise awareness: Employers should remind staff that it’s high season for W-2 phishing scams. Make sure employees—especially financial staff with access to tax information—know about the threat.
  2. Follow company policy: Employers often have policies about what can of information can be sent by email. This usually includes rules regarding sensitive financial information. Sometimes, for instance, top executives are not allowed to make such requests via email.
  3. Stay vigilant: If you receive an email asking for sensitive information, do not comply. Such requests might include not only tax information or payroll records, but also account numbers or passwords.
  4. Verify the sender: If you receive a request from a company executive, contact the sender by phone to help make sure the request is legitimate. Be careful about sending the information, even if the executive says it’s OK.
  5. Flag scam emails: If you receive a W-2 scam email, let your employer know. Also, forward the email to phishing@irs.gov and put “W2 Scam” in the subject line.

Taking protective measures is no guarantee you won’t fall victim to a W-2 phishing scam. So, here’s a bonus tip for this tax season: It’s smart to file your taxes early, before identity thieves do it for you.

Editor’s note: Our articles provide educational information. LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about.

This article contains

    What Is the Dark Web and Other Deep Web Terms
    Check out this expansive glossary of terms to gain a better understanding of how the dark web works.
    Read More
    Warning Signs That You're a Victim of Tax Refund Identity Theft
    The IRS says that if you receive one of these notices, it could be the first sign that you're a victim of tax refund identity theft.
    Read More
    Steps to Help You Recover from 5 Kinds of Identity Theft
    If you are a victim of identity theft, you need to take action—and quickly. Learn some of the steps to consider as you take on the task of restoring your identity.
    Read More
    Seniors: Victims of Identity Theft
    Stay informed about the latest identity theft news and stories about what law enforcement and elected officials are doing to protect consumers from becoming victims.
    Read More

    Start your protection,
    enroll in minutes.

    Get discounts, info, protection tips, and more.

    Sign up for promotional emails.