Income tax season is arriving, and your company will soon be issuing W-2 forms to all of its employees. Now is a good time to remind all payroll and Human Resources personnel that a W-2 phishing scam, which has been around for a couple of years, is likely to arise again this year.

This phishing variation is known as a “spoofing” e-mail. It will contain, for example, the actual name of the company chief executive officer. In this variation, the “CEO” sends an email to a company payroll office or human resource employee and requests a list of employees and information including SSNs.

The email may say something like:

  • Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
  • Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
  • I want you to send me the list of W-2 copy of employees wage and tax statement for 2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.

Organizations receiving a W-2 scam email should forward it to and place “W2 Scam” in the subject line. Organizations that receive the scams or fall victim to them should contact their attorney, their insurance company, and file a complaint with the Internet Crime Complaint Center operated by the Federal Bureau of Investigation.