ID Theft

How to help protect against phishing scams during tax season

Written by a NortonLifeLock employee


With the IRS’s due date of April 17th looming, fraudsters are rapidly trying to cash in on tax refunds. The IRS has reported that it has seen a 400% surge in phishing and malware incidents between the 2015 and 2016 tax seasons. This type of scam, which has come to be known as business email compromise (BEC), or business email spoofing (BES), has affected all kinds of businesses ranging from high-profile corporations to small businesses and schools.

What is a phishing scam?

A phishing scam is usually executed through email messages, phone calls or websites. Cybercriminals contact the potential victims through these channels and try to convince them to install malicious software on their devices. Or they use social engineering to convince their targets to hand over their personal information.

What is a W-2 phishing scam?

One of the ways a W-2 scam is carried out is when the scammer pretends to be a member of upper management and targets a more junior member of the organization. A phishing email from the cybercriminal requests that the target employees — usually in the finance, payroll or human resources departments — send W-2 forms for inspection. The emails appear legitimate and may sometimes include a phishing link.

The cybercriminal can send these phishing emails from a stolen email address or even from what appears to be a genuine email address with a few minor changes. A different “Reply-to” address can be set in the email so that when a victim replies with a W-2 form, the reply goes to an account under the attacker’s control, and not to the address it appears to have originated from.

It is important to realize that these documents contain tax and wage information for employees as well as their Social Security number, home address and employment location. Once these documents are obtained, the criminals could file fraudulent taxes or post this information for sale on the dark web where cybercriminals can use to it commit other crimes like identity theft.

How to help prevent W-2 scams

  • Inform and educate your employees to be cautious of fraudulent emails. Do not click on links and attachments in emails from unknown senders, or act on requests that seem unusual or don’t follow normal procedures. Avoid providing personal information when answering an email, unsolicited phone call, text message or instant message.
  • Additionally, do not reply to any emails that seem suspicious. Obtain the sender’s address or phone number from the corporate address book and ask them about the message. Never use the contact information provided in the email.
  • Never enter personal information in a pop-up web page or anywhere else that you did not initiate.
  • Keep security software and all other software programs updated.
  • Report security warnings from your Internet security software to IT immediately. Chances are they aren’t aware of all threats that occur.

Cybercriminals are getting more sophisticated and operate with an arsenal of tools to attempt to file fraudulent tax returns and maybe commit other forms of identity theft. Being aware of these traditional scamming methods is a good first line of defense.

How to report a phishing email

The IRS is taking proactive steps to prevent phishing incidents. If you think you received a phishing email or phone call, be sure to visit and report the incident to the IRS.

As the line between our real life and digital life blurs with advancements in technology, it is important to be mindful of your personal information’s security. Keeping your digital devices, such as smartphones, PCs and laptops, protected with Norton Security Premium is one measure of online information security. It comes with online storage for file backup and multiple device protection that helps keep malware and viruses at bay. To help protect your identity, trust LifeLock. Lifelock uses monitoring technology and alert tools to help proactively safeguard your credit and finances.

This unique combination of having Norton Security and LifeLock, two industry leaders in digital safety helping guard your digital life, will help you explore the Internet safely.

As you get your paperwork ready for the tax season stay safe and help keep your digital life protected.

Disclaimers and references:

No one can prevent all identity theft.
LifeLock does not monitor all transactions at all businesses.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2023 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.