W-2 attacks

W-2 attacks are a type of business email compromise (BEC) wherein a bad actor uses email to fool an unsuspecting individual into sending U.S. Internal Revenue Service W-2 Forms, containing employee wages and tax information, to a third party.

Why it matters

W-2 attacks usually involve a bad actor spoofing the visible ‘From’ field to match the email address of a trusted colleague. With no reliable way to validate whether the email is from the impersonated sender, the target assumes it is a valid message.

Image description: W2 attacks trick individuals into sending employee tax records, which typically include Personally Identifiable Information (PII)

W-2 attacks can be thwarted if the impersonated entity has adopted DMARC email authentication. DMARC with an enforcement policy blocks these same-domain name attacks with 100 percent effectiveness because emails from unauthorized individuals are sent to spam folders or deleted before delivery.