Cyber Criminals After W-2 Forms this Season

Cyber criminals are about to ramp up their efforts to steal employee W-2s. Just like other businesses, cyber criminals seek efficiency. If they can get just one member of your HR or finance staff to send W-2 forms, they can profit directly by filing fraudulent tax returns and stealing refunds. Beazley Breach Response (BBR) Services typically sees W-2 phishing peak toward the beginning of tax season, as criminals race to file fraudulent returns before employees can file their legitimate ones.

A successful attack generally begins with a spoofed email to an employee in the accounting, finance, or HR department. Appearing to come from an executive, sometimes bolstered by details the criminal has gleaned from LinkedIn or social media, the email leads the employee to supply PDFs of W-2s or other forms of electronic payroll data. When the attack succeeds, most or all of your employees are likely to have their data compromised.

Victims - your employees - typically experience immediate harm, so if you do experience a W-2 incident, time is of the essence in notifying Beazley Breach Response (BBR) Services so we can help you coordinate your response quickly.

But there are steps you can take to help protect your organization, including a W-2 phishing training tip sheet, out-of-band authentication tip sheet, and online employee training, as well as additional recommendations about best practices, available via the Beazley Breach Response website at

Make sure you discuss cyber coverage options with your clients. For your own agency, please contact Stephen Holmes at or 615.515.2609 for information on cyber policy options.