It’s February.
Tax season is warming up. Your accountant is busy. Your bookkeeper is pulling reports. Everyone’s thinking about W-2s, 1099s, and deadlines.
Here’s the thing most businesses don’t plan for:
The first real tax-season problem usually isn’t a form.
It’s a scam.
And there’s one that shows up early every year because it’s simple, believable, and aimed directly at small businesses. Chances are, it’s already landed in someone’s inbox.
The W-2 Scam: How It Actually Works
The setup is deceptively simple.
Someone in your organization — usually payroll, HR, or an office manager — receives an email that looks like it came from the CEO, owner, or another senior leader.
The message is short and urgent:
“Hey, I need copies of all employee W-2s for a meeting with the accountant. Can you send them over ASAP? I’m slammed today.”
Nothing about it feels strange.
It’s tax season.
The request sounds reasonable.
The tone matches how leaders actually communicate when they’re busy.
So the employee sends the W-2s.
Except the email wasn’t from the CEO.
It was from a criminal using a spoofed address or a look-alike domain.
And now that criminal has every employee’s:
- Full legal name
- Social Security number
- Home address
- Salary information
Everything needed to commit identity theft.
Everything needed to file fraudulent tax returns before your employees ever get the chance.
What Happens Next (And How You Find Out)
Most businesses don’t realize what happened right away.
They find out when an employee tries to file their tax return — and it gets rejected.
“Return already filed for this Social Security number.”
Someone else already claimed the refund.
Already received the money.
Now that employee is dealing with the IRS, credit freezes, identity theft protection, and months of paperwork — because of a document they didn’t even know was sent.
Multiply that by your entire payroll.
Now imagine explaining to your team that their personal information was exposed because of a fake email.
That’s not just a security issue.
That’s a trust issue.
An HR nightmare.
A potential legal problem.
A reputational hit that doesn’t go away quickly.
Why This Scam Works So Well
This isn’t a sloppy scam. It’s effective because it blends in.
It works because:
- The timing is perfect. W-2 requests are expected in February. Nobody questions why now.
- The request is normal. This isn’t “wire money” or “buy gift cards.” It’s something that genuinely happens during tax season.
- The urgency feels natural. “I’m slammed today” doesn’t raise alarms in a busy office.
- The sender looks legitimate. Criminals research their targets. They know names, titles, and sometimes even who your accountant is.
- Employees want to help. Especially when the request appears to come from leadership.
Speed beats skepticism when people feel pressure.
How to Stop This Before It Happens
The good news is this scam is highly preventable — and it doesn’t require expensive tools or complicated processes.
It requires clear rules and a culture that supports verification.
- Make “No W-2s via Email” a Firm Rule
W-2s and payroll documents should never be sent as email attachments. No exceptions.
If someone asks for them by email — even if it looks like leadership — the answer is automatically no.
- Verify Sensitive Requests Using a Second Channel
Any request involving employee data should be confirmed by phone, in person, or through an internal system — not by replying to the email.
Always use contact information you already have, never what’s provided in the message.
Thirty seconds of verification can save months of cleanup.
- Hold a 10-Minute Tax-Scam Huddle Now
Don’t wait until March. Don’t wait until something happens.
Tell your payroll and HR staff what these emails look like and what the rule is.
Awareness is cheap insurance.
- Lock Down Payroll and HR Systems
Anything that touches employee data should have multi-factor authentication (MFA) enabled.
If credentials get phished, MFA is often the last line of defense that stops the damage.
- Reward Verification, Don’t Discourage It
Employees should never feel awkward double-checking a request — even if it appears to come from the CEO.
When verification is encouraged, scams have nowhere to hide.
The Bigger Picture
The W-2 scam is just the opening act.
Between now and April, expect:
- Fake IRS notices demanding immediate payment
- Phishing emails posing as tax software updates
- Spoofed messages from “your accountant”
- Fraudulent invoices timed to look like tax expenses
Criminals love tax season because everyone is busy, distracted, and moving fast.
Businesses that make it through cleanly aren’t luckier.
They’re prepared.
They have policies.
They have awareness.
They have systems that slow people down just enough to catch fraud before it spreads.
Is Your Business Ready?
If your team already knows what to look for, that’s great — you’re ahead of the curve.
If not, now is the time. Not after the first incident.
If this sounds like your business, a quick discovery call can help you review:
- Payroll and HR access controls
- MFA coverage
- W-2 verification rules
- Email protections that catch spoofed senders
- The one policy gap most small businesses miss
If it doesn’t sound like you, chances are you know a business owner it does sound like.
Forward this to them. It might save them a very expensive tax season.
Because deadlines are stressful enough — identity theft doesn’t need to be part of the process.
