How to help protect against phishing scams during tax season


W-2 phishing scams are on the rise especially during tax season. The IRS reported an estimated 400% increase in phishing and malware incidents from 2015 to 2016.

With the IRS’s due date of April 17th looming, fraudsters are rapidly trying to cash in on tax refunds. The IRS has reported that it has seen a 400% surge in phishing and malware incidents between the 2015 and 2016 tax seasons. This type of scam, which has come to be known as business email compromise (BEC), or business email spoofing (BES), has affected all kinds of businesses ranging from high-profile corporations to small businesses and schools.

What is a phishing scam?

A phishing scam is usually executed through email messages, phone calls or websites. Cybercriminals contact the potential victims through these channels and try to convince them to install malicious software on their devices. Or they use social engineering to convince their targets to hand over their personal information.

What is a W-2 phishing scam?

One of the ways a W-2 scam is carried out is when the scammer pretends to be a member of upper management and targets a more junior member of the organization. A phishing email from the cybercriminal requests that the target employees — usually in the finance, payroll or human resources departments — send W-2 forms for inspection. The emails appear legitimate and may sometimes include a phishing link.

The cybercriminal can send these phishing emails from a stolen email address or even from what appears to be a genuine email address with a few minor changes. A different “Reply-to” address can be set in the email so that when a victim replies with a W-2 form, the reply goes to an account under the attacker’s control, and not to the address it appears to have originated from.

It is important to realize that these documents contain tax and wage information for employees as well as their Social Security number, home address and employment location. Once these documents are obtained, the criminals could file fraudulent taxes or post this information for sale on the dark web where cybercriminals can use to it commit other crimes like identity theft.

How to help prevent W-2 scams

  • Inform and educate your employees to be cautious of fraudulent emails. Do not click on links and attachments in emails from unknown senders, or act on requests that seem unusual or don’t follow normal procedures. Avoid providing personal information when answering an email, unsolicited phone call, text message or instant message.
  • Additionally, do not reply to any emails that seem suspicious. Obtain the sender’s address or phone number from the corporate address book and ask them about the message. Never use the contact information provided in the email.
  • Never enter personal information in a pop-up web page or anywhere else that you did not initiate.
  • Keep security software and all other software programs updated.
  • Report security warnings from your Internet security software to IT immediately. Chances are they aren’t aware of all threats that occur.

Cybercriminals are getting more sophisticated and operate with an arsenal of tools to attempt to file fraudulent tax returns and maybe commit other forms of identity theft. Being aware of these traditional scamming methods is a good first line of defense.

How to report a phishing email

The IRS is taking proactive steps to prevent phishing incidents. If you think you received a phishing email or phone call, be sure to visit and report the incident to the IRS.

As the line between our real life and digital life blurs with advancements in technology, it is important to be mindful of your personal information’s security. Keeping your digital devices, such as smartphones, PCs and laptops, protected with Norton Security Premium is one measure of online information security. It comes with online storage for file backup and multiple device protection that helps keep malware and viruses at bay. To help protect your identity, trust LifeLock. Lifelock uses monitoring technology and alert tools to help proactively safeguard your credit and finances.

This unique combination of having Norton Security and LifeLock, two industry leaders in digital safety helping guard your digital life, will help you explore the Internet safely.

As you get your paperwork ready for the tax season stay safe and help keep your digital life protected.


Disclaimers and references:

No one can prevent all identity theft.
LifeLock does not monitor all transactions at all businesses.

Don’t wait until a threat strikes.

Security threats and malware lurk on Windows PCs, Macs, and Android and iOS devices. If you use more than one device – like most of us do – you need an all-in-one security suite. Meet Norton Security Premium.

Enjoy peace of mind on every device you use with Norton Security Premium.

Norton logo
  • Norton
Norton empowers people and families around the world to feel safer in their digital lives

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 


    Want more?

    Follow us for all the latest news, tips and updates.