2016 Tax Season Email Scam

“A major phishing scheme has tricked several major companies - among them, the messaging service Snapchat and disk-drive maker Seagate Technology - into relinquishing tax documents that exposed their workers' incomes, addresses and Social Security numbers,” according to the Associated Press.

This latest scam sent emails to company payroll and personnel departments impersonating CEOs or other top officials, requesting employees’ W-2 tax forms. The data from these forms is primed for identity theft, including fake tax returns and fraudulent refunds.

This scam is so widespread that on March 1 the IRS sent a notice alerting employers' payroll departments. The IRS has seen a 400% increase in phishing and computer malware incidents this tax-filing season. Attacks like this are much more common during holidays and other annual events like tax season to take advantage of people's routines.

Seagate’s CFO, Dave Morton, admitted, "This mistake was caused by human error and lack of vigilance, and could have been prevented." This is a reminder that no amount of IT security can stop scammers from "social engineering," which we discussed in last year’s blog post about a wire transfer email scam. Social engineering is defined as the "psychological manipulation of people into performing actions or divulging confidential information."

This is a very helpful guide to recognizing "Social Engineering Red Flags" from KnowBe4.com (view the PDF).


The most effective phishing emails use company logos and colors to enter your inbox undetected. However, there is always something slightly off, as the graphic above explains. You may not notice details like that on first glance, but closer examination will reveal the scam for what it is.

How can you avoid the scam?
  • The AP article argues, "Payroll and personnel specialists should be trained well enough to question why a CEO needs to see individual worker W-2s in the first place." Stu Sjouwerman, CEO of KnowBe4, explains, "It's a case of: 'Oh, the boss wants it', They stop thinking, 'Why would this be?'"
  • Setup your email so any outside emails are tagged as "[EXTERNAL]" in the subject (This can be done by Baroan or your network admin.)
  • Study the Social Engineering Red Flags!