Media Center


How Employees Can Be The Biggest Target for W-2 Phishing During Tax Season

February 27, 2019

In the midst of tax season, organizations are moving at a rapid pace to meet deadlines and internal demands. Criminals know this hectic time is opportune for scams and fraud. Between January and April 15th, the IRS reports the number of scams has jumped significantly in the last few years. Cyber criminals research to identify empowered individuals, such as Chief Financial Officer, Chief Operating Officer and school executives within the organization. Next, they spoof/impersonate an e-mail address of an executive or use comprised business e-mail credentials to induce an employee to transfer sensitive data. Cyber criminals are impersonating an executive with the goal of duping a HR director or payroll processor within the organization for W-2 information of employees.

The e-mail usually looks something like this:

Hi- are you in the office today? I’m working from home and need the W-2 reports for all employees. Can you send as soon as possible?

Cyber criminals are anticipating an employee’s willingness to help and the request will not be questioned since it is coming from a purported executive. Because the cyber-criminals know timing is crucial, they file fraudulent W-2s within days or even hours.

Take these steps to better educate your team:

  • Clear guidelines – Training is critical for employees handling payroll or sensitive information. These members of your team should have established policies in place for W-2 and payroll data.
  • Awareness – Enterprise wide employees should be wary of phishing attempts. Our team at Oswald can help you coordinate phishing modules.
  • System configuration – E-mail alerts to identify when they are coming from outside the network. Sometimes emails appear to have originated in other countries, such as the Soviet Union or China.
  • Two step factor verification/ dual factor authentication – add a second layer of security by utilizing a code sent to an application or mobile device. This protects outsiders from gaining easier access to unauthorized information.

Cyber Liability insurance allows you as a business owner to transfer your risk in a cost effective manner. Many are unaware of the resources that come with a Cyber Liability policy. Discounts on system protection, breach coach from specialists, and password protection are just a few.

To report phishing to the IRS, email:
To file a complaint with the FBI Internet Crime Complaint Center (IC3), click here.

For More Information Contact:
Lacy Rex
Oswald Companies
Cyber Strategic Leader

Note: This communication is for informational purposes only. Although every reasonable effort is made to present current and accurate information, Oswald makes no guarantees of any kind and cannot be held liable for any outdated or incorrect information. View our communications policy.