HOBOKEN, N.J., April 21, 2026 /PRNewswire/ — The April 15 tax deadline may have just passed, but cybercriminals continue to launch a surge of payroll and vendor fraud attacks using counterfeit W-2 and W-9 forms. According to the most recent FBI Internet Crime Report, cybercrime losses totaled $16 billion in 2024, a 33% increase in losses from 2023.
“These scams are actively targeting businesses across the New York metro area and nationwide,” warns Carl Mazzanti, President and Co-founder of eMazzanti Technologies, a leading cybersecurity and IT services firm based in Hoboken, NJ. “Accounting firms, healthcare providers, nonprofits, and legal offices traditionally faced disproportionate exposure — but today, bad actors are using carefully crafted, realistic-looking messages to deceive employees at organizations of all sizes and across industries. Their goal is to extract sensitive financial data and redirect vendor payments directly into their own accounts. But companies that work with experienced Managed Service Providers (MSPs) like eMazzanti can develop policies and implement technology to guard against these and other kinds of threats.”
A Close Encounter
eMazzanti Technologies “recently received what appeared to be a standard executive email marked ‘urgent and confidential,’” he recounted. “The message included a fraudulent W-9 form complete with a fabricated Employer Identification Number (EIN) — a detail included specifically to build trust — and requested that the recipient immediately register the sender as a vendor to process a pending invoice.”
The fraudster sweetened the trap with a 20% discount for payment within 24 hours.
“It looked completely legitimate,” explains Mazzanti. “The email implied urgency, included a genuine-looking tax document, appeared to come from an executive, and offered a financial incentive. The tone was brief and directive — exactly how these phishing attempts work.”
The fraud was designed to trigger fast action before anyone stopped to verify the vendor.
Detecting the Fraud: Process Over Luck
eMazzanti’s accounting team caught the scam — not because of one obvious red flag, but because of strict verification protocols.
“There was no single dramatic warning sign,” says Mazzanti. “But the initial request didn’t follow our normal process for sensitive documents. There was no prior context, the urgency felt inconsistent with standard procedures, and a closer look at the sender details raised concern. Most critically, we never release tax information based solely on an email request. We verified through a separate channel, confirmed with management, and quickly established that no one had authorized the transaction.”
Common Tax Season Payroll and Vendor Fraud Scams Businesses Face
AI-enabled impersonation schemes are one of the “Dirty Dozen” scams cited by the IRS in its annual warning, Mazzanti notes. Beyond fake W-9 and W-2 schemes, he identifies several other high-frequency payroll fraud attacks businesses should know:
- Direct Deposit Change Scams: A cybercriminal impersonates an employee and submits a fraudulent request to update banking information, rerouting payroll deposits to an attacker-controlled account.
- Vendor ACH Change Requests: Attackers impersonate a legitimate vendor and request updated ACH payment routing details, diverting invoice payments away from the real recipient.
- Executive Impersonation and Wire Transfer Fraud (BEC): Fraudulent emails appearing to come from senior leadership demand urgent wire transfers or tax payments, exploiting the perceived authority of the sender.
- AI-generated voice cloning and emails may perfectly mimic executive speaking and writing styles, while deepfake video calls are also being used in BEC fraud.
“All of these attacks rely on urgency and authority to bypass normal controls,” Mazzanti notes. “These scams are significantly amplified in remote work environments, where employees cannot simply walk down the hall to verify a vendor payment or other request.”
Regardless of industry, he says companies should implement strong internal verification policies. Businesses should also develop a proactive incident response plan to detect, contain, and recover from cybersecurity breaches quickly, minimizing operational downtime. This approach includes assembling a response team, assessing system damage, preserving evidence for forensics, and ensuring regulatory compliance.
What if you do get scammed?
If an organization is taken in by a scam, “The incident should be reported to the FBI’s Internet Crime Complaint Center,” Mazzanti explains. “You should also notify your bank within 24 to 72 hours to attempt a wire recall, file a report with the IRS if tax documents were compromised, and engage legal counsel and notify affected parties if data was exposed. But be aware that once your funds are transferred to a bogus vendor, your chances of getting them back are greatly diminished.”
Seven Ways to Protect Your Business from W-2, W-9, and Payroll Fraud
Mazzanti recommends the following best practices for businesses of all sizes:
- Establish and enforce verification protocols. Never act on requests for sensitive financial data or payment changes based solely on an email. Require out-of-band confirmation — such as a phone call to a known number — before making any changes.
- Treat urgency as a red flag. Artificial urgency and financial incentives (like limited-time discounts) are hallmarks of social engineering. Slow down when pressure increases.
- Scrutinize sender details carefully. Attackers often use email addresses that differ from legitimate ones by only a single character or domain. Train staff to verify before responding to any sensitive request.
- Escalate to management. When a request falls outside normal procedures, ask a supervisor immediately. A 30-second confirmation can prevent a major financial loss.
- Conduct regular employee security awareness training. Phishing simulations and cybersecurity training help staff recognize attack patterns before they encounter them for real.
- Deploy email security tools. Advanced email filtering, anti-phishing software, and multi-factor authentication (MFA) reduce the risk of fraudulent messages ever reaching employee inboxes.
- Create clear document-handling policies. Establish written procedures for how W-2s, W-9s, and other sensitive tax documents are submitted, stored, and verified. Ensure all employees with payroll or vendor payment access understand these policies.
Why Tax Season Is Prime Time for Cybercriminals
“Tax season normalizes the exchange of financial documents,” Mazzanti explains. “Cybercriminals exploit that familiarity to make fraudulent requests look routine. Businesses can work with MSPs like eMazzanti to train their employees to treat any unsolicited request involving tax forms, banking details, or vendor payments with rigorous skepticism — and follow a verification process every single time, no exceptions. The cost of one extra phone call is nothing compared to the cost of a successful fraud. Contact us today at 844-360-4400 or sales@emazzanti.net to speak with one of our cybersecurity professionals who can help you to safeguard your organization, its networks and its data.”
eMazzanti Technologies has received many accolades for superior service delivery and stellar growth. The firm has placed on the Inc. 5000 list of fastest growing privately held companies eleven times, including eight consecutive years, and has been recognized by Microsoft as a 4x partner of the year and by WatchGuard as a 5x partner of the year. NJBIZ has recognized the firm as the Small Business of the Year, and as a leading NJ Digital Innovator in 2019, 2020, 2022, 2023, and 2024.
SOURCE eMazzanti Technologies

