Tax, Audit, Firm and Regulatory News

Today’s Fraud Topic (February 8, 2018)

Watch out for W-2 phishing scams

A growing number of businesses have been victimized by W-2 phishing scams. These frauds are a variation on traditional phishing scams, where criminals trick email users into providing confidential information, and then use that information to steal money or the victim’s identity.

How it works

In a W-2 phishing scam, cybercriminals, claiming to be from a company’s management, send emails to employees — typically in payroll, benefits or human resources departments. The emails request a list of employees along with their W-2 forms, Social Security numbers or other confidential data.

At first glance, the emails may look legitimate because scammers use techniques known as business email compromise or business email spoofing. Many contain the company’s logo and the name of actual executives that the thieves have obtained online. The messages use language such as “Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”

If the employee responds to the phishing email, criminals can use this information to file fraudulent tax returns in the employees’ names. The ultimate objective is to claim their refunds.

Education is key

Recently, the IRS released an alert urging employers to educate payroll and other employees about the dangers of W-2 phishing scams. Be sure to inform all workers, particularly those in areas that handle sensitive data, about the scams. Remind them not to click on links or download attachments from emails that are unsolicited, sent from addresses they don’t recognize or that seem in any way suspicious.

Employees often are nervous about questioning a request that appears to come from upper management. So encourage them to double-check any email request for sensitive information, no matter who appears to be making it. They should do this not by responding to the email in question, but by talking with a supervisor or colleague.

Don’t fall victim

Technology has a role to play as well. Install robust antivirus and spam filters and keep them updated.

With sensible precautions, your business can reduce the risk of falling victim to W-2 phishing scams. But if your company does fall victim, report the attack as soon as possible to dataloss@irs.gov. Contact us for more information.

About Topel Forman

What makes our firm special

Learn More

Contact Us

Reach out to Topel Forman

Get in Touch

Services

Learn what we have to offer

Learn More

Topel Forman Celebrates Continued Recognition for Firm Excellence and Workplace Culture

Apr 21, 2026

Topel Forman is pleased to announce that the firm has once again been recognized by Accounting Today as Regional Leader and a Firm to Watch. Topel Forman was also named a 2026 USA Today Top Workplace winner, a national honor based entirely on employee feedback.

Understanding the Illinois Gives Tax Credit Act

Mar 25, 2026

Illinois Gives offers an opportunity to support long-term charitable endowments benefiting Illinois communities while receiving a state income tax credit. Illinois Gives contributions should be evaluated in the context of broader federal charitable planning, given that the Illinois credit both reduces Illinois income tax liability and, under federal quid pro quo rules, reduces the amount of the federal charitable deduction.

Gifting Strategies: Why The Annual Gift Tax Exclusion Matters

Mar 16, 2026

When we talk about gifting as part of a tax strategy, many people assume it’s something only the ultra-wealthy need to worry about. But gifting is actually one of the simplest and most powerful financial planning tools available – and a thoughtful gifting strategy can make a meaningful difference for your family, both now and in the long run.