Phishers Disguised as CEO, Request W2 Forms

Feb 25, 2016

With tax season in the United States right around the corner, it is important to be cautious of scammers who specialize in tax refund fraud. A recent incident involved a deceptive email sent to an organization’s human resources and accounting department requesting employee W-2 information. Stu Sjouwerman, chief executive at security awareness company KnowBe4, revealed that just this past week, the firm’s controller received an email designed to look like it was sent from Sjouwerman requesting copies of all their employees’ W-2 forms.

The email read:


I want you to send me the list of W-2 copy of employee’s wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.


KnowBe4 had just hired a new CFO (Chief Financial Officer). Fortunately, the controller replied to the email saying that she did not have access to that information, but that the new CFO would be able to help. Sjouwerman said that an analysis of the email headers revealed that the phishers used an individual’s GoDaddy email server, and that the return address was not at all associated with the company.
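The header check described above, written out as an added example (not code from KnowBe4 or the original article): it flags a message whose display name matches an executive while Reply-To, Return-Path or the sending host falls outside the company's domain. The domain, executive name, keyword list and sample message are constructed assumptions, as is the premise that legitimate executive mail is sent from hosts under the company domain.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"      # assumption: the company's mail domain
EXECUTIVES = {"pat doe"}        # assumption: display names worth protecting
KEYWORDS = ("w-2", "w2", "wage and tax statement")

# Constructed sample; every name, address and host is a placeholder.
SAMPLE = """\
Received: from mailhost.provider.example (mailhost.provider.example [192.0.2.10])
\tby mx.example.com; Mon, 22 Feb 2016 10:15:00 -0500
Return-Path: <someone@unrelated.example>
From: Pat Doe <pat.doe@example.com>
Reply-To: Pat Doe <someone@unrelated.example>
To: controller@example.com
Subject: W-2 copies

Kindly prepare the lists and email them to me asap.
"""

def domain_of(value):
    """Lowercased domain of the address in a header value, or ''."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def in_org(host):
    return host == ORG_DOMAIN or host.endswith("." + ORG_DOMAIN)

def check_message(raw):
    """Return findings for a message that claims to come from an executive."""
    msg = message_from_string(raw)
    display_name = parseaddr(msg.get("From", ""))[0].strip().lower()
    if display_name not in EXECUTIVES:
        return []
    findings = []
    # Replies follow Reply-To and bounces follow Return-Path, so both must be ours.
    for header in ("Reply-To", "Return-Path"):
        dom = domain_of(msg.get(header))
        if dom and not in_org(dom):
            findings.append(f"{header} points to {dom}")
    # Topmost Received line is written by the receiving MX; its "from" host sent the mail.
    hop = (msg.get_all("Received") or [""])[0].split()
    if len(hop) > 1 and hop[0] == "from" and not in_org(hop[1].lower()):
        findings.append(f"Received from {hop[1]}")
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    if findings and any(k in text for k in KEYWORDS):
        findings.append("requests W-2 data")
    return findings
```

Calling `check_message(SAMPLE)` returns four findings; a message whose reply address and sending host are under the company domain returns none.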

Sjouwerman said, “The two of them walked up to me and asked if I had requested a PDF with all W-2’s. Obviously, I hadn’t, and congratulated them on a good catch. But imagine if we would have sent off those W-2’s! It would have opened up our employees to identity theft because the W-2’s have their full name, address, wages and Social Security number.”


Scam artists who carry out tax refund fraud love W-2 information because it reveals all of the data needed to fraudulently file a person’s taxes and request a large tax refund in their name.

Last year, scam artists engaged in refund fraud stole W-2 information on more than 330,000 people directly from the IRS (Internal Revenue Service) Web site. Fraudsters also phished countless online payroll management account credentials used by corporate HR professionals. In fact, recent stats from the Federal Trade Commission revealed that tax refund fraud was responsible for as much as a 50% increase in consumer identity theft complaints over the past year.
