Alert: Protect Employee Data from Email Phishing Threats This Tax Season

As the end of the 2016 tax filing season approaches, email phishing scams designed to steal confidential employee data have increased. Phishing emails, designed to trick HR and finance department employees into exposing employee W-2 forms, are especially dangerous. These types of attacks can be extremely sophisticated and appear to be legitimate requests from company executives or authorized third parties. Scammers use stolen W-2 files and related personally identifiable information (PII) to file fraudulent tax returns, attempting to claim tax refunds. The phishing email also may include a request to complete a fraudulent wire transfer.

DHG advises its clients to make all HR, finance and accounting team members aware of this elevated threat and take extra precautions before sharing confidential employee information.

The following steps are recommended:

  • Follow up all email requests for sensitive information with a phone call to the requestor to validate legitimacy.
  • Avoid sending sensitive employee data, such as social security numbers, birth dates and financial data, over email. Use company-approved file sharing solutions instead.
  • Update antivirus software and validate that it is actively running on all servers and workstations.
  • If a suspicious email is received, never reply, click on any links or open any attachments. Promptly report any suspicious emails or unusual system activity to your IT provider.

If you have questions, contact the DHG IT Advisory team for more information.

About DHG IT Advisory

DHG IT Advisory, a national practice of Dixon Hughes Goodman (DHG), works with companies to manage technology risk while maintaining data integrity, protecting privacy and complying with regulations. From project management and regulatory compliance assistance to digital forensics and incident response, DHG is equipped to meet your IT advisory needs that drive your business. For more information, visit