It's February. Tax season is ramping up. Your accountant is getting busier. Your bookkeeper is pulling documents. Everyone's thinking about W-2s, 1099s and deadlines.
Here's the part nobody puts on the calendar: the first real tax-season headache usually isn't a form. It's a scam.
And there's one that shows up before April even gets close because it's easy, believable and aimed straight at small businesses. You might already have it sitting in someone's inbox.
At Univision Computers, we help small businesses across Washington, Northern Idaho, Montana, and Central Florida prepare for this season with practical policies and proactive IT support—not just “more tools.” If your team ever needs a fast second set of eyes when something feels off, our Remote IT Help Desk Services can help you validate and respond quickly.
The W-2 Scam: How It Works
Here's the setup:
Someone in your company (usually whoever handles payroll or HR) gets an email that looks like it's from the CEO, owner or a senior exec.
The message is short and urgent:
"Hey, I need copies of all employee W-2s for a meeting with the accountant. Can you send them over ASAP? I'm slammed today."
It looks normal. The tone sounds right. Tax season is busy, so the urgency feels natural. The request seems reasonable.
So, your employee sends the W-2s.
Except the email wasn't from the CEO. It was from a criminal using a spoofed address or a look-alike domain.
And now that criminal has every employee's:
- Full legal name
• Social Security number
• Home address
• Salary information
Everything needed for identity theft. Everything needed to file fraudulent tax returns before your employees do.
What Happens Next
Here's how victims usually find out:
Your employee files their tax return. It gets rejected: "Return already filed for this Social Security number."
Someone already filed in their name. They already claimed their refund. Already got the money.
Now your employee is dealing with the IRS, credit monitoring, identity theft protection and months of paperwork because of a document they didn't even know they sent.
Multiply that by your entire payroll. Now imagine explaining to your team that their personal information was compromised because someone fell for a fake email.
That's not just a security problem. That's a trust problem. An HR nightmare. A potential lawsuit. A reputation hit.
And in the real world, these incidents don’t always stop at “just W‑2s.” The same access and confusion that enables W‑2 theft can also open the door to broader outages and data loss—another reason businesses prioritize Data Backup and Disaster Recovery for critical financial and employee records.
Why This Scam Works So Well
This isn't a Nigerian prince email. It doesn't look fake at first glance.
It works because:
The timing is perfect. W-2 requests are expected in February. Nobody questions why someone would ask for them now.
The request is reasonable. It's not "wire $50,000" or "buy gift cards." It's something that actually does get shared during tax season.
The urgency feels normal. "I'm slammed today, can you send this quick?" doesn't raise red flags in a busy office.
The sender looks legitimate. Criminals research targets. They know the CEO's name. Sometimes they know your accountant's name. They make it look real because they did their homework.
Employees want to be helpful. Especially to the boss. Urgency overrides verification.
How to Protect Your Business (Before This Lands)
The good news: this scam is preventable. And it takes policy + culture more than fancy tech.
Make a "no W-2s via email" rule. Period. No exceptions. W-2s and other sensitive payroll documents do not leave your building through email attachments. If someone asks for them via email, the answer is "no," even if it looks like the CEO.
Verify any sensitive request in a second channel. Phone call. In person. Chat. Anything other than replying to the email. Use a number you already have, not one in the message. It takes 30 seconds. Can save months of cleanup.
Do a 10-minute tax-scam huddle now. Not later. Not "when we get closer." Tell your payroll/HR people: "These are about to spike. This is what they look like. This is what we do." Awareness is cheap insurance.
Lock down payroll and HR systems. Multi-factor authentication (MFA) on anything that touches employee data. If someone's credentials get phished, MFA is the last door they'll slam into.
Also make sure you know what devices can access payroll/HR systems and who they’re assigned to. If a shared laptop or an unmanaged home computer is part of the process, your risk goes up fast. This is where Device Asset Management helps businesses keep control and visibility over the endpoints that touch sensitive data.
Make verification a culture, not a burden. The employee who calls to double-check a request from the CEO should be praised, not made to feel paranoid. When questioning is rewarded, scams have nowhere to hide.
That's it. Five rules. Simple enough to implement this week. Strong enough to stop the first wave.
One more thing that makes a huge difference: catching suspicious activity quickly. If a mailbox gets compromised, attackers often create forwarding rules or attempt repeated logins. Having 24/7 Monitoring & Alerting in place can shorten the time between “something happened” and “we contained it.”
The Bigger Picture
The W-2 scam is just the opening act.
Between now and April, expect a flood of tax-themed attacks:
- Fake IRS notices demanding immediate payment
• Phishing emails disguised as tax software updates
• Spoofed messages from "your accountant" with malicious links
• Fraudulent invoices timed to look like tax expenses
Criminals love tax season because everyone's distracted, everyone's moving fast and financial requests don't seem unusual.
Businesses that get through tax season clean aren't luckier. They're prepared.
They have policies. They have training. They have systems that catch suspicious requests before they become disasters.
Is Your Business Ready?
If you've already got policies in place and your team knows what to look for, great. You're ahead of most small businesses.
If not, now is the time. Not after the first scam hits.
If this sounds like your business, book a 10-minute discovery call with Univision Computers and we’ll review:
Payroll/HR access and MFA
Your W-2 verification rules
Email protections that catch spoofing
The one policy tweak most businesses miss
If you’re not sure where to start, our Remote IT Help Desk Services can help you pressure-test suspicious emails and tighten day-to-day processes, and our team can help you build a resilient foundation with 24/7 Monitoring & Alerting and Data Backup and Disaster Recovery.
If it doesn't sound like you, awesome. But you probably know a business owner it does sound like. Forward them this article. It might save them a very expensive headache.
Book your 10-minute discovery call here
Because tax season is stressful enough without identity theft on top of it.
