We always see a surge in W2 email phishing schemes this time of year, as it is tax time, and many individuals are filing their tax returns in order to get a quick refund. So are criminals and cyber-hackers.


Well scammers are in full force and we have seen a surge in W2 phishing schemes. It is so bad, that the IRS has issued another warning to companies to beware of the scheme.

It works like this: the scammers disguise emails (and they look very authentic) from the CEO or another executive and send them to employees in the payroll and HR departments. The email requests that the employees forward all of the company employees’ W2 forms to him or her. Many times, the employee does as his or her boss says, and sends them along, never knowing that it is a scam, or figuring it out the next time they are in a meeting or on the telephone.

What’s particularly disturbing now is that the scammers are not satisfied with just the W2s. If successful, they then come back with another “executive email” asking the payroll person or comptroller to make a wire transfer to a specific account or to set up a new vendor for payment. They use the signature line from the previous email sent by the payroll or HR employees in order to make the signature line look authentic at first glance. It’s a cut and paste job.

As a result of this double dipping, many companies have not only lost all the W2 forms, but company funds in false wire transfers.

This scam is happening to all businesses—no matter the size or industry. We have seen a surge in these scams like never before in the last month.

Take heed to the IRS’ warning and alert your payroll, HR and finance departments to be on high alert and to personally authenticate any requests for W2s, payroll, banking, checks, wire transfers and any other method of transferring sensitive or financial information. Companies may wish to revisit their processes and authentication methods in these areas and train employees to be vigilant and how to thwart these scams.