Since 2016 the IRS has been reporting the increase in phishing scams during the tax season. Over the years cybercriminals have learned the most efficient ways to target you and steal your info. The phishing emails will often impersonate someone within your organization that has the authority to access W-2 forms and other personal employee information. Once you send them the correct information, they can file your employees’ W-2 forms and collect the money themselves or sell personal information to other cybercriminals online.
There are a few things you can do to avoid a phishing scam. For starters, verify all email addresses asking for personal information. Cybercriminals are skilled at making these emails look legitimate, but there usually is one small difference in the email address, such as dropping one letter or adding a period, that will confirm this is not the correct person. Also, many of these emails contain grammatical errors that should catch your attention and warn you of a potential scam. Lastly, if you are ever unsure if you are supposed to be sending this confidential information through email, contact your technical support team to assist you and review the email.
If you receive a W-2 phishing scam email, forward it to firstname.lastname@example.org with 'W2 Scam' in the subject line.