Skip to Content

W-2 scams you need to know about before you do your taxes

It’s that time of year. Yep, it’s tax season.

Before you know it, the tax deadline will be here. Although, due to special circumstances, you will have a couple extra days to file this year. Typically what’s known as “Tax Day” falls on April 15, this year it will be Tuesday, April 17.

With Tax Day right around the corner, the Internal Revenue Service (IRS) is alerting us to some scary scams that you need to know about.

What you need to watch out for

The IRS, state tax agencies and the tax industry are warning both tax professionals and taxpayers of phishing email scams. You especially need to watch out for emails requesting direct deposit changes for refunds or account updates. The agencies said that everyone needs to be on guard against suspicious activity.

An example of a current scam involves a fraudster posing as a legitimate taxpayer, asking tax preparers to make a change to their refund destination. In most cases, people are being asked to send the refund to a prepaid debit card. The IRS is urging tax professionals to verbally reconfirm information with the client should they receive an email request to change an address or direct deposit account for refunds.

Also, taxpayers are being told to watch out for scam emails that claim to be from their tax software provider or others, asking them to update online accounts. The IRS is urging everyone to learn how to recognize a phishing scam, whether it’s an email, phone call or text.

Phishing scams occur when someone poses as a legitimate organization such as a bank, credit card company, tax software provider or even the IRS. They then try tricking the victim into giving up sensitive data such as passwords, Social Security numbers, bank accounts or credit and debit card numbers. Any taxpayer who receives suspicious emails purporting to be from a tax software provider or from the IRS should forward them to

If you receive a suspicious call from someone claiming to be from the IRS, here is what you should do:

  • If you know you owe taxes or think you might owe, call the IRS at 1-800-829-1040. IRS workers can help you with a payment issue.
  • If you know you don’t owe taxes or have no reason to believe that you do, report the incident to the Treasury Inspector General for Tax Administration at 1-800-366-4484 or at
  • You can file a complaint using the FTC Complaint Assistant: choose “Other” and then “Impostor Scams.” If the complaint involves someone impersonating the IRS, include the words “IRS Telephone Scam” in the notes.

Also, the IRS does not use unsolicited email, text messages or any social media to discuss your personal tax issue. For more information on reporting tax scams, go to and type “scam” in the search box.

Here are suggestions on how to handle phishing scams in general:

Be cautious with links and phone numbers

If you get an email or notification that you find suspicious, don’t click on its links. It could be a phishing attack. It’s always better to type a website’s address directly into a browser than clicking on a link. Take our phishing IQ test to see if you can spot a fake email.

Set up two-factor authentication 

Two-factor authentication, also known as two-step verification, means that to log in to your account, you need two ways to prove you are who you say you are. It’s like the DMV or bank asking for two forms of ID. This adds an extra layer of security and should be used whenever a site makes it available. Click here to learn how to set up two-factor authentication.

Use unique passwords

Many people use the same password for multiple websites. This is a terrible mistake. If your credentials are stolen on one site and you use the same username and/or password on others, it’s easy for the cybercriminal to get into each account. Click here to find out how to create hack-proof passwords.

Do not disclose sensitive data

Unsuspecting people are mistakenly handing over sensitive information to scammers all too often. If you receive an unsolicited email or phone call, do not reply with personal information. You don’t want it to fall into the hands of criminals. If a company that you do business with on a regular basis emails you and asks for personal information, type the company’s official web address into your browser and go there directly to be safe.


Having a reliable and dependable DNS system is critical to your safety. If you want to further protect your systems from rogue websites and bad links, here’s Kim’s security pick.

Click here to read more about the free Quad9 DNS service.

Refer friends, earn rewards

Share your source of digital lifestyle news, tips and advice with friends and family, and you'll be on your way to earning awesome rewards!

Get started