Just a friendly reminder that phishing scams Attack.Phishing which spoof Attack.Phishing the boss and request W-2 tax data on employees are intensifying as tax time nears . The latest victim shows that even cybersecurity experts can fall prey to these increasingly sophisticated attacks . On Thursday , March 16 , the CEO of Defense Point Security , LLC — a Virginia company that bills itself as “ the choice provider of cyber security services to the federal government ” — told all employees that their W-2 tax data was handed Attack.Databreach directly to fraudsters after someone inside the company got caught Attack.Phishing in a phisher ’ s net . Alexandria , Va.-based Defense Point Security ( recently acquired by management consulting giant Accenture ) informed current and former employees this week via email that all of the data from their annual W-2 tax forms — including name , Social Security Number , address , compensation , tax withholding amounts — were snared Attack.Databreach by a targeted spear phishing email . “ I want to alert you that a Defense Point Security ( DPS ) team member was the victim of a targeted spear phishing email that resulted in the external release Attack.Databreach of IRS W-2 Forms for individuals who DPS employed in 2016 , ” Defense Point CEO George McKenzie wrote in the email alert to employees . “ Unfortunately , your W-2 was among those released outside of DPS . ” W-2 scams Attack.Phishing start with spear phishing emails usually directed at finance and HR personnel . The scam emails will spoof Attack.Phishing a request from the organization ’ s CEO ( or someone similarly high up in the organization ) and request all employee W-2 forms . Defense Point did not return calls or emails seeking comment . An Accenture spokesperson issued the following brief statement : “ Data protection and our employees are top priorities . Our leadership and security team are providing support to all impacted employees. ” Fraudsters who perpetrate tax refund fraud prize W-2 information because it contains virtually all of the data one would need to fraudulently file someone ’ s taxes and request a large refund in their name . Scammers in tax years past also have massively phished Attack.Phishing online payroll management account credentials used by corporate HR professionals . This year , they are going after people who run tax preparation firms , and W-2 ’ s are now being openly sold in underground cybercrime stores . Tax refund fraud affects hundreds of thousands , if not millions , of U.S. citizens annually . Victims usually first learn of the crime after having their returns rejected because scammers beat them to it . Even those who are not required to file a return can be victims of refund fraud , as can those who are not actually due a refund from the IRS .