Complete Story


W-2 Phishing Scam: What It Is and How To Help Protect Against It


Identity thieves would love to swipe your 2018 tax refund. One way they might try is by tricking your employer with a W-2 phishing scam.

Consider this: W-2 phishing schemes fooled more than 100 employers in the first 10 weeks of the 2017 tax season. That put more than 120,000 taxpayers at risk for identity fraud. The Internal Revenue Service warned that the scam went beyond employers to other industries and entities such as education, tribes and charities.

First, a quick definition: A W-2 phishing attack is a cyber tactic that hackers use to probe an organization’s infrastructure by sending an email from what might appear to be a top manager. The hackers might send a fake email from the CEO or CFO, for instance. Their aim is to acquire employees’ sensitive information from W-2s so they can leverage it to commit identity fraud.

How do W-2 phishing scams happen?

Tax season is a prime time for W-2 phishing scams. Here’s how they work in practice.


Printer-Friendly Version