Topel Forman News

Today’s Fraud Topic (February 8, 2018)

Watch out for W-2 phishing scams

A growing number of businesses have been victimized by W-2 phishing scams. These frauds are a variation on traditional phishing scams, where criminals trick email users into providing confidential information, and then use that information to steal money or the victim’s identity.

How it works

In a W-2 phishing scam, cybercriminals, claiming to be from a company’s management, send emails to employees — typically in payroll, benefits or human resources departments. The emails request a list of employees along with their W-2 forms, Social Security numbers or other confidential data.

At first glance, the emails may look legitimate because scammers use techniques known as business email compromise or business email spoofing. Many contain the company’s logo and the name of actual executives that the thieves have obtained online. The messages use language such as “Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”

If the employee responds to the phishing email, criminals can use this information to file fraudulent tax returns in the employees’ names. The ultimate objective is to claim their refunds.

Education is key

Recently, the IRS released an alert urging employers to educate payroll and other employees about the dangers of W-2 phishing scams. Be sure to inform all workers, particularly those in areas that handle sensitive data, about the scams. Remind them not to click on links or download attachments from emails that are unsolicited, sent from addresses they don’t recognize or that seem in any way suspicious.

Employees often are nervous about questioning a request that appears to come from upper management. So encourage them to double-check any email request for sensitive information, no matter who appears to be making it. They should do this not by responding to the email in question, but by talking with a supervisor or colleague.

Don’t fall victim

Technology has a role to play as well. Install robust antivirus and spam filters and keep them updated.

With sensible precautions, your business can reduce the risk of falling victim to W-2 phishing scams. But if your company does fall victim, report the attack as soon as possible to dataloss@irs.govContact us for more information.


© 2018

About Topel Forman

What makes our firm special

Contact Us

Reach out to Topel Forman


Learn what we have to offer

If you have questions, please reach out to your Topel Forman contact.


Related News Posts

Stories From Women In Accounting

Stories From Women In Accounting

For International Women’s Day and Women’s History Month our Women’s Employee Resource Group and our DEI Committee hosted a panel featuring six of our professionals from tax, audit and operations. They had an inspiring and insightful conversation about their unique experiences navigating motherhood, external and self-made expectations, and being able to maintain a balanced life. Here are some highlights from our discussion: 

read more
Proposed Legislation: The Tax Relief for American Families and Workers Act of 2024

Proposed Legislation: The Tax Relief for American Families and Workers Act of 2024

On January 19, 2024, the Ways and Means Committee of the House of Representatives successfully propelled HR 7024 forward, known as the “Tax Relief for American Families and Workers Act of 2024.” The bill is the outcome of an agreement established earlier that week between the Ways and Means Committee’s Chairman Smith and the Senate Finance Committee’s Chairman Wyden.

read more