Business Identity Theft and W-2 Scams are on the Rise by Joseph L. Saka, CPA/PFS

Posted on January 14, 2019 by Joseph Saka

With the start of the 2019 tax season, businesses must educate employees, implement controls and take other steps to avoid falling victim to a growing wave of identity theft and W-2 scams.

Identity thieves have been targeting small businesses at an alarming rate. Not only are criminals stealing business data to open credit card accounts and file fraudulent tax returns looking for bogus refunds, but they are also gaining access to employees’ personal information found on W-2 forms. Too often, businesses are tricked into willingly handing over this sensitive information to cybercriminals simply because their employees fail to pick up the phone to confirm the identities of email senders who request such data.

In a typical W-2 scam, an employee will receive an email that appears to come from an executive or another leader in the organization. It may start with a simple, “Hey, you in today?” and, by the end of the exchange, all of an organization’s Forms W-2 for their employees may be in the hands of cybercriminals. This puts workers at risk for tax-related identity theft.

Because employees perceive that they are communicating with a company executive, it may take weeks for someone to realize a data theft has occurred. Generally, the criminals are trying to quickly take advantage of their theft, sometimes filing fraudulent tax returns within a day or two.

In order to avoid falling victim to these traps, employers must put steps and protocols in place for the sharing of sensitive employee information such as Forms W-2. For example, a business may require employees to receive verbal confirmation before emailing W-2 data and/or have two people within the organizations review any distribution of sensitive W-2 data or wire transfers. In addition, it is the responsibility of businesses to educate their workers about the telltale signs of phishing emails and how employees can protect themselves and the organization from cyber fraud.

The advisors and accountants with Berkowitz Pollack Brant work businesses to assess their cyber-security risks and implement strong internal controls to build trust and protect themselves against identity theft.

About the author: Joseph L. Saka, CPA/PFS, is CEO of Berkowitz Pollack Brant, where he provides a full range of income and estate planning, tax and business consulting and compliance services, and financial planning expertise to entrepreneurs, high-net-worth families and family companies and business executives in the U.S. and abroad. He can be reached at the CPA firm’s Miami office at (305) 379-7000 or via e-mail at