W-2 attacks are a type of business email compromise (BEC) wherein a bad actor uses email to fool an unsuspecting individual into sending U.S. Internal Revenue Service W-2 Forms, containing employee wages and tax information, to a third party.
Why it matters
W-2 attacks usually involve a bad actor spoofing the visible ‘From’ field to match the email address of a trusted colleague. With no reliable way to validate whether the email is from the impersonated sender, the target assumes it is a valid message.
W-2 attacks can be thwarted if the impersonated entity has adopted DMARC email authentication. DMARC with an enforcement policy blocks these same-domain name attacks with 100 percent effectiveness because emails from unauthorized individuals are sent to spam folders or deleted before delivery.