A Digital Defense Against W-2 Theft -- Security Today

A Digital Defense Against W-2 Theft

The FBI gives basic steps to mitigate the threat of W-2 theft.

By Sydny Shepard
Mar 08, 2018

It is "prime time," about a month before April's tax filing deadline, for cybercriminals and scam artists looking to cash in on your personal tax information. The FBI has recently issued an updated warning for businesses and employees to be on the watch for W-2 theft.

If a cybercriminal gets ahold of your W-2, he or she has the ability to file your tax return, and get your refund, before you do. There is also a great deal of personally identifiable information, including your Social Security Number, that could lead to numerous other problems for a victim.

The FBI says the most common way a scam artist could get your W-2 information is through a phishing scheme. The hacker, pretending to be an executive at the company, sends an email to the HR department and asks for employee's personal information or their W-2's, perhaps for tax or audit purposes. In some cases, hackers have been able to cause a massive data dump affecting thousands of employees.

So, how can you strengthen your company to ensure this doesn't happen and the data of your employees is protected? The FBI's Internet Crime Complaint Center has put together some basic steps that businesses can take to mitigate the threat:

Limit the number of people who have access to employees' person information and W-2's.
Set up two-factor verification system to confirm the request and receipt of such sensitive information.
Establish protocols for sensitive information requests ahead of time and outside the email environment.
Ensure that you secure sensitive PII and W-2 information with encryption.
Establish and maintain robust and strong security for your data, including firewalls, virus protection and spam filters.

"Businesses that have suffered a data breach involving tax information should immediately report that breach to the IRS and your state tax agency," the FBI said. "The IRS also wants to hear from you if you received a W-2 phishing e-mail but did not fall victim to the scam."

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Elite Interactive Expands Team to Target Innovation and Strategic Growth
10/21/2025
Alan Gillmore, IV Assumes Presidency of The Monitoring Association
10/21/2025
SIA Women in Security Forum Launches Sixth Annual CAN DO Challenge to Combat Food Insecurity
10/20/2025
Securitas Technology Releases 2026 Global Technology Outlook Report
10/15/2025
HID Signs Agreement to Acquire IDmelon, Expand Passwordless Authentication Capabilities
10/15/2025
Convergint Opens New U.S. Headquarters
10/13/2025
ONVIF to End Support for Profile S, Recommends Profile T as Replacement
10/09/2025
Totem Achieves Immix Central Station Certification Status
10/09/2025

Featured

Identity Governance at the Crossroads of Complexity and Scale

Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now
- Cybersecurity
Eagle Eye Networks Launches AI Camera Gun Detection

Eagle Eye Networks, a provider of cloud video surveillance, recently introduced Eagle Eye Gun Detection, a new layer of protection for schools and businesses that works with existing security cameras and infrastructure. Eagle Eye Networks is the first to build gun detection into its platform. Read Now
- Active Shooter
Report: AI is Supercharging Old-School Cybercriminal Tactics

AI isn’t just transforming how we work. It’s reshaping how cybercriminals attack, with threat actors exploiting AI to mass produce malicious code loaders, steal browser credentials and accelerate cloud attacks, according to a new report from Elastic. Read Now
- Cybersecurity
Pragmatism, Productivity, and the Push for Accountability in 2025-2026

Every year, the security industry debates whether artificial intelligence is a disruption, an enabler, or a distraction. By 2025, that conversation matured, where AI became a working dimension in physical identity and access management (PIAM) programs. Observations from 2025 highlight this turning point in AI’s role in access control and define how security leaders are being distinguished based on how they apply it. Read Now
- Access Control
- Artificial Intelligence
Report: Cyber Attackers Continue to Turn to AI-Based Tools to Avoid Detection

Comcast Business recently released its 2025 Cybersecurity Threat Report, a comprehensive analysis of 34.6 billion cybersecurity events detected between June 1,2024 and May 31, 2025. Now in its third year, the report offers business leaders a unique perspective into the evolving threat landscape and provides actionable insights to help organizations strengthen their defenses and align cybersecurity with business risk. Read Now
- Artificial Intelligence
- Cybersecurity

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Compact IP Video Intercom

Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.
PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.
Camden CM-221 Series Switches

Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.