Cyber Liability Update: Tax Season and W2 Phishing Scams

Most companies are familiar with phishing emails and train their employees to recognize suspicious emails sent from malicious actors. Less commonly discussed, however, are W2 scams that target human resources departments.

During tax season, cybercriminals target human resources departments by impersonating an executive of the company, most notably through email. The goal is to obtain W2 information then file a fraudulent tax return and collect the refunds. This time of year is ripe for malicious actors, as HR personnel are busy preparing tax information for employees and sharing sensitive data through multiple departments.

Even after employees receive their W2, HR departments need to stay vigilant and keep an eye out for phishing emails. For most people, tax season doesn’t end until they’ve filed a return, and employees are bound to have questions leading up to that time. Human resources professionals should be on the lookout for suspicious emails from anyone asking for individual or bulk tax information. Multiple grammatical errors and blurry headers are also signs of cybercriminals.

According to IRS Commissioner John Koskinen, “This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme.”

The W2 phishing scam is occurring earlier in the tax season and to a broader scope of organizations. The number of attacks increased by 870 percent last year and there’s no evidence to suggest these attacks will slow down. As far as action an employer should take, it is recommended to send an email to and place “W2 Scam” in the subject line.

Cyber Liability Insurance policies cover risks associated with W2 scams. For a consultation or assistance with any cyber inquiries, contact us today.