January 31, 2017: As the 2017 tax season approaches, employers must remain diligent to protect against email “phishing” scams designed to steal employees’ highly-confidential Form W-2 information.  This type of data breach scam, which appears to be growing in popularity, involves a cybercriminal sending a “phishing” or “spoofed” email to employees in the a company’s accounting or human resources department of a company.  The email is designed to appear as if it was sent by the CEO or some other high-ranking officer, and it requests that the employee respond by sending copies of the IRS Form W-2 tax forms for all employees.  The Form W-2’s contain highly-confidential personally identifiable information (“PII”) of the employees, including name, address, salary and benefit information and, most importantly, social security number.  The Form W-2 may also disclose the employee’s filing status — married or single.  Armed with this information, cybercriminals can engage in numerous types  of identity theft, including filing false tax returns on behalf of an employee seeking to steal refunds, or attempting to open up credit accounts in the employee’s name.

Last year, approximately 41 companies fell for similar scams, including Seagate Technology, LLC, Snapchat, Turner Construction Company, and more.

Although it is still January, companies have already fallen for the phishing scam this year, including  TransPerfecteHealthInsurance, and solar panel maker Sunrun.  Earlier this month, the IRS renewed its alert about Form W-2 scams.

If you an employee who was notified that your Form W-2 information or other PII was wrongfully disclosed through a phishing scam or otherwise, you may be entitled to compensation or other relief.  Bragar Eagel & Squire, P.C., is currently litiging claims on behalf of a class of employees whose Form W-2 PII was disclosed as a result of a phishing scam.

For additional information, please contact David J. Stone, Esq. at (212) 308-5858 or email investigations@bespc.com.

Attorney Advertising.  Prior results do not guarantee a similar outcome.

Report a Fraud or

Contact an Attorney



Fill out the form below to receive a free and confidential initial consultation.

No attorney/client relationship will be formed by sending an email through this site or receiving a response from Bragar Eagel & Squire, P.C. If you communicate with us through this website or otherwise in connection with a matter in which we do not already represent you, your communication may not be treated as privileged or confidential. Please avoid sending any sensitive or confidential messages by email.

*I accept

© 2017-2020 BRAGAR EAGEL & SQUIRE, P.C.