We have just come out of the holiday season which is, perhaps, the biggest time of the year for scams and now we are entering the income tax season which probably runs a close second when it comes to scams.
Employers are now sending out W-2 forms to employees which are necessary for the employees to complete their income tax returns. Many employers will send an email to employees about obtaining their W-2s online and scammers are taking advantage of this by sending emails that appear to come from the potential victim’s employee which contain a link to be used to view and then print the victim’s W-2. However, when scammers send these phishing emails they are seeking the username and password of the victim which will be provided to the scammer when the victim clicks on the link and provides this information when prompted. This can lead to identity theft. In another variation of this scam, merely by clicking on the link, the victim downloads keystroke logging malware that will steal all the information in the victim’s computer and use it to make the person a victim of identity theft. In yet another variation of the scam, clicking on the link will download dangerous ransomware.
Employers will generally not include a link in legitimate emails to access their W-2 forms online. Instead they will instruct the employee to go directly to this information at the appropriate department within the employer using their username and password separately. Even if your employer were to provide a link in such a legitimate email, you could never be sure that the email was from your employer so you should not click on the link. It is better to independently go to the department of your employer that has this information.