W2 phishing

February 21, 2017

As tax season is in full swing, businesses may become the target of sophisticated phishing attacks seeking employees’ W2 information.  The scam works in this way:  Someone contacts your business’ human resources or payroll department pretending to be from the IRS or an executive with the company. They request copies of employees’ W2s.  In response, the employee sends the W2, leaving information, including employees’ names, addresses, birth dates, and social security numbers in the hands of scammers.  The scammers may then file fraudulent tax returns or use the information for other identity theft purposes.

It is important that your employees understand the risks associated with this scam, especially employees in your HR or payroll departments.  Here are a few simple tips: