‘Tis the season of scammers trying to gain access to your confidential information, especially those W-2s that you recently received. Be on alert for phishing scams!

Here’s how the typical scam works:

Cybercriminals do their homework identifying CEOs, executives or others in positions of authority. Using a technique known as Business Email Compromise (BEC) or Business Email Spoofing (BES), fraudsters posing as executives send emails to payroll or human resource personnel requesting copies of W-2 forms for employees. They’ve also been known to watch social media sites looking for newer employees who may not question authority.

The initial email may be a friendly “Hi, are you working today?” exchange before the fraudster asks for confidential information (like W-2 forms) or follow up with a request for a wire transfer.

Here are a few things to keep in mind:

  • The IRS does not initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information.
  • Your W-2 information is confidential and should not be shared via email.
  • If you’re a Payentry user, authorized company users have access to tax forms and filings via SecureView and should login themselves to retrieve this information.
  • If you’re not a Payentry user, learn more about SecureView and be sure to check out our website!
  • Executives are not likely to request a wire transfer via email.
  • Don’t click on links. If you do, notify your IT department ASAP.


Businesses and organizations that fall victim to the scam and even those that do not fall victim, but receive a suspect email should send the full email headers to phishing@irs.gov and use “W2 scam” in the subject line.

You can learn more about scams and how to report them by visiting the IRS site here.