Your accountant is getting busier.
Your bookkeeper is pulling documents.
Everyone’s thinking about W-2s, 1099s, and deadlines.
Here’s the part nobody puts on the calendar:
The first real tax-season headache usually isn’t a form.
It’s a scam.
And there’s one that hits before April even gets close because it’s easy, believable, and aimed directly at small and mid-sized businesses.
You might already have it sitting in someone’s inbox.
The W-2 Scam: How It Actually Works
The setup is simple.
Someone in your company usually payroll or HR gets an email that looks like it’s from the CEO, owner, or a senior executive.
The message is short and urgent:
“Hey, I need copies of all employee W-2s for a meeting with the accountant. Can you send them ASAP? I’m slammed today.”
Nothing looks off.
- The tone feels right
- The timing makes sense
- The request is completely normal for February
So the employee sends the W-2s.
Except the email wasn’t from the CEO.
It was sent by a criminal using:
- A spoofed email address
- Or a look-alike domain
- Or a compromised internal account
And now that attacker has every employee’s most sensitive data:
- Full legal names
- Social Security numbers
- Home addresses
- Salary information
Everything needed for identity theft.
Everything needed to file fraudulent tax returns before your employees do.
What Happens Next (And How It Usually Comes Out)
This is how most companies discover the breach:
An employee files their tax return.
It gets rejected.
“A return has already been filed for this Social Security number.”
Someone already claimed the refund.
Someone already got the money.
Now that employee is dealing with:
- The IRS
- Identity theft affidavits
- Credit monitoring
- Months (sometimes years) of cleanup
All because of a document they didn’t even know was exposed.
Now multiply that by your entire payroll.
And then imagine explaining to your team that their personal information was compromised because of a single email.
That’s not just a cybersecurity incident.
That’s:
- A trust issue
- An HR crisis
- A legal and compliance risk
- A reputational hit
Why This Scam Works So Well
This isn’t a sloppy phishing email.
It works because:
The timing is perfect
W-2 requests are expected in February. No one questions why now.
The request is reasonable
It’s not a wire transfer or gift cards. These documents really do get shared during tax season.
The urgency feels normal
“Can you send this quickly?” doesn’t raise alarms in a busy office.
The sender looks legitimate
Attackers research their targets. They know the CEO’s name. Sometimes they know the accountant’s name. This is targeted social engineering.
People want to be helpful
Especially when the request appears to come from leadership. Urgency overrides verification.
How to Protect Your Business (Before This Hits)
The good news: this scam is highly preventable.
It doesn’t require cutting-edge tools.
It requires clear policy, verification culture, and basic security controls.
1. Make “No W-2s via Email” a Hard Rule
No exceptions.
W-2s and sensitive payroll data should never be sent as email attachments regardless of who asks.
If it comes by email, the answer is no.
2. Verify Sensitive Requests Using a Second Channel
Phone call. In-person. Secure chat.
Anything except replying to the email.
Always use contact details you already trust—not the ones in the message.
Thirty seconds of verification can save months of damage.
3. Hold a 10-Minute Tax-Scam Huddle Now
Not later. Not “closer to April.”
Tell payroll and HR:
- These scams spike right now
- This is what they look like
- This is exactly what to do
Awareness is one of the cheapest and most effective security controls.
4. Lock Down Payroll and HR Systems
Anything that touches employee data should have:
- Strong passwords
- Multi-factor authentication (MFA)
- Least-privilege access
If credentials get phished, MFA is often the last line of defense.
5. Reward Verification—Don’t Discourage It
Employees who double-check a request from the CEO should be praised, not embarrassed.
When questioning is encouraged, scams fail.
The Bigger Picture
The W-2 scam is just the opening act.
Between now and April, expect:
- Fake IRS notices demanding immediate payment
- Phishing emails disguised as tax software updates
- Spoofed messages from “your accountant” with malicious links
- Fraudulent invoices disguised as tax expenses
Attackers love tax season because:
- Everyone is busy
- Financial requests feel normal
- People move fast and verify less
Businesses that make it through tax season clean aren’t luckier.
They’re prepared.
They have:
- Clear policies
- Staff awareness
- Security controls that catch spoofing and abuse early
Is Your Business Ready?
If you already have policies in place and your team knows what to look for—great. You’re ahead of most small businesses.
If not, now is the time.
Not after the first employee gets burned.
If this sounds like your business, book a 10-minute discovery call and we’ll review:
- Payroll and HR access controls and MFA
- Your W-2 verification rules
- Email protections against spoofing and impersonation
- The one policy gap most businesses miss
If this doesn’t sound like you—awesome.
But you probably know a business owner it does sound like.
Forward this to them.
It could save them a very expensive tax season.
P.S. To see how we help businesses like yours solve problems using tech, give us a call at (303) 423-4500 or book your FREE Security Huddle instantly here: https://business.newpush.com
