<img src="https://ws.zoominfo.com/pixel/PMY3ZvbpZt27ywWwZSBB" width="1" height="1" style="display: none;">


Remote Employees and Network Security

Working from home is not going anywhere. In fact, research shows that post-pandemic 42% of employees who worked strictly from a company-based location will not return to the office. Do you know how this will impact your business? Learn more about the tools needed to protect your client data and improve employee productivity.


W-2 Social Engineering Scams: Tax Phishing Poses Risk

Bill LaRue
3 min read
Mar 19, 2021 10:00:00 AM
This post covers:Managed IT

Here's what to look for 

As tax season is upon us, it's important to be aware of social engineering scams like W-2 phishing scams. For many of us, tax season means a pile of paperwork, receipts, and requests as well as various wage forms, including W-2 statements. Cybercriminals know the season can be stressful, and it's easy to get the public to let down their guard with the deadline looming. But there's a lot at stake. W-2 phishing scams can lead to the theft of your tax refund, your personal information, and even your identity. With that said, what is a W-2 phishing scam? How does a tax phishing scam work, and what should you watch for to protect yourself? Read on for invaluable info that can come in useful in your business.

What is a W-2 phishing scam?

Phishing scams are a method for cybercriminals to trick someone into giving them valuable information. A phishing scam can come in the form of a legitimate-looking email, text, phone call, or another attempt to connect with someone. Fraudsters are adept at making communications look like it's coming from a trustworthy source, even appearing to come from someone within a company you work for, or someone you do business with. The request is often labeled as urgent, so the user responds quickly without careful consideration. When it comes to W-2 phishing scams, a fraudster might request private tax information for an individual or a group of people.

A company employee who believes they are responding to a legitimate, urgent request from a superior or associated company might send off a treasure trove of files with information that would be incredibly valuable to a scam artist. W-2s contain important information including social security numbers, tax withholding information, income as well as a person's name and address. With that information in their possession, wrong-doers can file for a fraudulent refund of the victim's tax money, or even take out a loan or credit card in the victim's name.

How to protect yourself from tax phishing

As with most phishing scams and other cybercrimes, prevention is your best form of protection. Here are five steps you can take to protect your business and employees from W-2 phishing scams and other phishing attempts.

  • Have a clear company policy about information sharing. Your business should have guidelines for the types of information employees can send by email, as well as policies about the sharing of sensitive financial documents and other information.
  • Educate your staff. Employees should be made aware of the phishing scams and other risks associated with tax season, in particular any staff who have access to financial information.
  • Be wary of email requests. Leaders and staff alike should take great care with all email requests for information, including, but not limited to, those which request payroll information, tax info, passwords, and account information.
  • Contact the requestor in another way. Phishing scams can be hard to spot as they often originate from an email account that is just one letter or number off of the legitimate account. If staff get a request from an internal contact for sensitive information, they should be encouraged to follow up through another method, such as a phone call.
  • Notify leadership immediately. Employees who receive what appears to be a W-2 scam or other tax phishing scam should know to contact leadership and let them know about the attempt. In addition, suspect incidents can be reported to phishing@irs.gov. Be sure to make "W-2 Scam" the subject of the email.
Protect your business with security awareness training

When it comes to protecting your business from hacks, phishing attempts, and other cybercrimes, there's no substitute for an educated workforce. And with more employees working from home, it's as essential as ever. Security Awareness Training is your best line of defense from fraud and social engineering attempts like W-2 phishing scams. The experts at Locknet® Managed IT can develop a custom training program for your employees that ensures they're up to date on the latest scams and how to spot them. Contact us to learn more about W-2 tax phishing scams and other threats that put your business, employee, and customer data at risk.



Subscribe by Email