New Year Brings New W-2 Phishing Scheme

January 23, 2020|

This time of year, it is not unusual to see W-2 phishing schemes in which scammers try to steal confidential W-2 information via email requests and links. This year there’s a new twist on the now familiar scam.

Another payroll company has reported that a phishing email claiming the recipient’s W-2 is ready is targeting its users. The email contains a link to a phishing page designed to look like a legitimate company web page. But the page is actually designed to steal login credentials.

Once the criminals have the login details, they are able to access the victim’s account and steal sensitive information such as Social Security number and W-2. Scammers with legitimate W-2s can falsely file with the IRS and direct refunds to their own bank accounts.

While this scam has been identified as having targeted users of a particular payroll company, you should be prepared in the event other payroll provider users are targeted. Here are best practices for keeping your data safe.

  1. Do not click any links in emails claiming your W-2 is ready. Access your online payroll application or employee self-service website directly through your browser via a bookmark or type the usual website address in the browser address bar.
  2. If you receive a payroll-related email that looks suspicious, do not open any attachments or click any links, and call your payroll company representative.
  3. If you receive an email that looks like it was sent from someone within your organization and requests W-2 information, change of bank account, or wire funds requests, always verify the request in person or via phone using your company phone directory and not any phone number within the email.
  4. Fraudulent emails can look legitimate, so it’s important to closely inspect all emails with login links or that request sensitive data.
    • Check the sender’s email address. Amateur thieves are not always skilled at spoofing an email address, and this may help you quickly identify a scam attempt. Some scammers, however, can spoof your company’s domain, making the email look legitimate. So be sure to continue your inspection of the email.
    • Inspect the email signature for anything that is off, such as a new name, an odd title, misspellings, or different formatting from the usual company signature.
    • Hover your cursor over all links contained within the email and look at the link addresses. This can be a giveaway that you’re being directed to a different location than the email suggests. Even if the link looks okay, it is safer to type the address into your browser address bar than to click the link.
    • If in doubt, pick up the phone and verify the request!

For more information about protecting yourself and your organization, you can watch our recent cybersecurity webinar conducted by Asylas Security. The IRS website also has resources for businesses on its Form W-2/SSN Data Theft: Information for Businesses web page, including what to do if you fall victim to one of these scams.

Thank you for visiting our HR News. Please note that we do our best to fully research the topics you see here and present accurate and up-to-date information. We believe the information to be accurate but make no claims as such. We also want to share with you that we do not provide professional accounting, financial, legal or tax advice and we recommend contacting a licensed accounting, financial, legal or tax advisor for business advice. For any comments related to the HR News, please email us at