Tax season has begun and employers have started mailing W-2 forms to employees to file their tax returns. As we have seen over the years, tax preparation isn’t the only busyness happening during this time—cybercriminals are actively looking to steal millions of dollars from U.S. taxpayers by forging your tax returns.

These types of crimes are so effective and lucrative for cybercriminals that the IRS continuously issues warnings to companies to be aware of criminals posing as executives in their social engineering scams.

You May Also Like: Meltdown & Spectre Q&A: Two Major Chip Flaws Could Leave Devices Vulnerability to Security Threats

How it Happens

The cybercriminal sends a spoofed email to an employee that looks like it’s coming from an executive—CEO, CFO, etc. The request is simple and urgent—email the W-2s of specific or all employees. Reacting swiftly, the employee will perform the task as requested and now the W-2s are in the hands of the cybercriminal, who then sells them or uses them to file fraudulent tax returns. This scam has been happening for years, but unfortunately employees still fall victim to the convincing emails.

Prevention Tips

Educate:  Stay current on the latest security measures and scams with resources like:

Verify: Always personally verify requests for the personal information of employees through means other than email—face-to-face or a phone call.

Have questions about the strength of your security strategy and plans? Request a complimentary consultation with one of our security experts

Encourage: Be part of a cyber-aware business culture where employees can feel comfortable asking executives questions about requests. Encourage being safe than being sorry.

We can all help prevent the success of these scams by staying educated. Always challenge requests that you believe may be suspicious.