top of page
  • Komodo Research


Traditionally, tax season opens by the end of January and wraps up with the famous Tax Day holiday when tax dues end. This is a very lucrative time for fraudsters. In order to fill in the tax statement, one is required to use the W-2 form. A W-2 is a U.S. federal tax form, issued by employers, that has a wealth of personal financial information, including taxpayer IDs and how much an employee was paid during the year.

W-2 Fraud Sample

From: john.doe@company-dot-com TO: W2-dot-finance@company-dot-com Subject: Treat as urgent Date: Jan 1, 2017 12:00PM Hi Tony, Please send me the copies of all employees’ W-2 wage and tax statements for 2015 in order to complete a transaction. Please send them as a PDF attachment. Regards, John Doe

The email appears to be a completely legitimate request from a legitimate email address, however, in reality, the email is from somewhere entirely different and has the “REPLY TO” field (that is typically hidden from the end user) set to an email address controlled by the criminal; for example, fakePhisher@mail-dot-com. The email headers would show this.

Once the criminal receives the reply email containing the stolen credentials, it is only a matter of hours until he will try fill out fraudulent tax returns and try to cash out the money.


Raise awareness about this threat among employees, especially those that handle the W-2 and other tax forms.Maintaining a high-alert mindset among an organization’s personnel is a difficult task. One good solution is to share this relevant news about phishing scams and show the connection between having a high awareness of their existence among employees and reducing the response ratio to them.

bottom of page