Blog Post

Three Common Tax Time Scams That Target Payroll


Tax season is upon us. Unfortunately, so is scam season. The Internal Revenue Service recently warned of an expected surge in phishing emails involving payroll direct deposit and transfer scams as well as growing W-2 cons. All three are a form of what cyber security professionals call “business email compromise” (BEC) attacks. They work because they come disguised as emails from trusted colleagues or managers and lack the malicious payloads that security programs are designed to look for – viruses, malware or suspicious weblinks. Rather, it’s simple identity deception and social engineering used as financial weapons.

A recent analysis of more than 1 billion emails received by large organizations and companies in the latter half of 2017 showed that a whopping 96 percent of companies were attacked at least once, with the average business experiencing 45 BEC attacks. Further analysis revealed that such attacks cost American companies and organizations upward of $9 billion in 2018.

To help protect your payroll software and service clients, be sure you’re aware of these three common tax-time frauds:


  1. W-2 scam: The W-2 scam has been one of the most frequent in the past few years, emerging in 2016 and hitting some 200 employers in 2017. Victims primarily are in the corporate sector, but the con has hit school districts, nonprofits and tribal organizations as well. Scammers send employees emails that appear to be from a company executive or organization leader and ask for sensitive Form W-2 information. Believing they’re talking with colleagues or managers, workers feel safe to share that information and often don’t realize what’s happened for several weeks. By that time, scammers have used the stolen data to file fake tax returns for real taxpayers, absconding with the funds and leaving victims to face a difficult and lengthy battle with the IRS.
  2. Direct deposit scam: In this scam, emails seemingly from employees go to the payroll or HR department, asking for changes to direct deposit accounts. Senders provide new bank account and routing numbers and soon, paycheck funds get redirected to the thief behind the bogus emails.
  3. Wire transfer scam: The emails come from thieves most commonly impersonating either an internal company employee or an outside vendor, always targeting employees responsible for making wire transfers on the company’s behalf. In either case, emails request a wire transfer be made to a particular account that’s actually controlled by the scammer. Perpetrators often have already hacked email systems or otherwise researched targeted employees enough to allow them to communicate in a familiar, conversational way.


If a scammer hits your payroll firm or one of your client companies, it’s critical that you act fast. In the case of a suspected W-2 email scam, forward it immediately to and reach the Federation of Tax Administrators at for information on how to report incidents to investigators in your state. Further, any BEC attack should be reported to the FBI’s Internet Crime Complaint Center.

For more information on cybersecurity and how to protect your payroll software and client data, contact Apex HCM call 877-750-2739 or request a demo online, here.