W2 Phishing Scams

Posted · Add Comment

Ian Marlow HeadshotBy Ian M. Marlow
March 21, 2016

You’re furiously working through your inbox, trying to chip away at the emails that seem to multiply faster than rabbits. You feel like you’re getting somewhere, when all of a sudden you see one from your boss, asking—no demanding—W2 files for certain employees now.

“Oh crap,” you think. “I’d better get on this right away.”


You could be just one click away from making yourself and your company victims of a phishing scam that could cost vast amounts of dollars, headaches, and time to get out of.

Scammers are pretty intelligent people. They know that most workers who see an email from a higher-up in the company will jump to it, at the risk of incurring the wrath of the big boss. That’s their way in. They think you’ll just do as you’re told, and then they have access to tax information that they will use to file false tax returns for these unsuspecting people.

Tax fraud is a hotbed for criminal activity. According to the IRS, tax refund fraud losses could go as high as $21 billion in 2016. This has caused the agency to issue warnings to Human Resource and Payroll Managers, alerting them to the scheme. Here are some of the exact words used in these fake emails:

  • “Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”
  • “Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home, Address, Salary).”
  • “I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.”

While it is conceivable that your boss could need financial information for employees at some point, if a request of this nature finds its way into your inbox, you must check first to be sure that it is legitimate. This could cause your fellow employees—and possibly you—major problems with tax refund fraud and identity theft. This is a headache that no one should have to deal with.

If you have questions about how to recognize these scam emails, contact FITECH today at (212) 223-TECH (8324), email info@fitechllc.com or visit www.fitechllc.com. You can also find us on these social media outlets: Facebook, Twitter, LinkedIn, YouTube, and Google+.