Home Advice & How-ToSafety Is It Safe To Email a W2? Not Unless You Take This Precaution First
Home Advice & How-ToSafety Is It Safe To Email a W2? Not Unless You Take This Precaution First
Safety

Is It Safe To Email a W2? Not Unless You Take This Precaution First

by Fred Decker
by Fred Decker
FacebookTwitterLinkedinEmailCopy to clipboard

One of the really big advancements we’ve seen over the past couple of decades is the rise of electronic tax filing and tax documents.  The ability to file electronically and get a refund by direct deposit has been a game changer, sharply reducing both the time and fuss required to actually receive your money (and reducing paper usage is good for the environment, too). 

One side issue that crops up with electronic tax documents, such as your W2, is whether it’s safe to retrieve them electronically and then pass them along to your preparer by email.  The honest answer is…maybe.  It comes down to how you and your preparer handle the emails. 

Electronic Retrieval Is Not the Same as Email

One thing to clear up right from the start is that retrieving your tax documents electronically is not at all the same thing as emailing them.  Email, by its nature, is not especially secure.  Most emails can be read easily by hackers if they’re intercepted, and hacks are frequent:  One major email attack, affecting thousands of organizations, was revealed in March 2021. 

Spokeo logo

Who's Calling Me?

Search any phone number to learn more about the owner!

Retrieving your documents electronically is completely different.  In order to download a W2 from your employer (or your employer’s payroll processor), you’ll need to log in to a secure site with your own unique username and password.  The only risky part of the process is at your own end:  If a hacker has gotten into your home network, either by infecting your computer with malware or by gaining access through the Wi-Fi, then nothing you do on your computer is safe and secure. 

That’s an issue, but it’s nothing to do with your W2. 

Is It Safe To Email a W2? 

Once you’ve got an electronic W2 from your employer, the next question is how you choose to file.  If you’re filing online, you typically won’t need to send the W2 anywhere.  The major online tax programs can often import W2s directly from your employer, or you can enter the information from your W2 manually, or you may even be able to snap a photo of it with your phone — just like remotely  depositing a check — and the app will extract the data.

If you’re using a professional tax preparer to create your return, it’s conceivable you might need to email one or more W2s (depending how many jobs you’ve held during the year) in order for the preparer to complete your return.  As we’ve previously noted, email is not especially secure:  You probably won’t experience an issue with your W2 going astray, but it’s certainly a possibility. 

If you want to email your W2 safely, you’ll need to encrypt that email before it’s sent.  That way, even if your email is intercepted, the hacker won’t be able to open the W2 and misuse your information.  It isn’t hard to do, though there are a few steps involved.  You’ll also need your tax preparer to be up to speed with this, otherwise it doesn’t work. 

How Encrypted Email Works

An encrypted email works just like the coded messages you see in spy movies:  Once it’s encrypted, it’s unreadable gibberish to anyone who doesn’t have the key to decode it.  There are two main encryption standards used for email, one called S/MIME and one called PGP/MIME.  There are differences between them, and feel free to geek out on the details if you wish, but the important thing to know is that Outlook, Gmail and iOS use S/MIME, while Android, AOL and Yahoo use PGP/MIME. 

To encrypt your emails, either one at a time or by default, you’ll need to look up the appropriate instructions for your own specific email program.  Authoritative sources including Panda Security and Hewlett-Packard have handy guides to walk you through the process for each of the major platforms (and good explanations of those geeky details we spoke of).  Alternatively, you can go straight to the support site for Microsoft or your own email provider. 

Once you’ve set up the encrypted email, you can send the W2 safely to your tax preparer.  Any file you attach to an encrypted email is also automatically encrypted.  Your tax preparer needs to be using an email system that supports the same encryption standard and may need to manually apply a decryption key in order to see it.  Don’t send the key in an unencrypted email; provide it by telephone or text message instead. 

W2 Phishing Scam for Employers

There is one other circumstance in which it’s emphatically not safe to send W2 information by email, and that’s if you’re an employer.  Over the past few years criminals have deliberately targeted the payroll and HR departments of businesses with phishing emails, which are “spoofed” to appear as if they’re coming from one of the company’s executives. 

The message varies, but the bottom line is that the boss is preparing a report and needs everybody’s W2 information.  If someone in accounting or HR falls for this and sends the information, it’s a windfall for scammers.  The problem is important enough that the IRS has dedicated a page to it, and it made the 2020 edition of the agency’s “Dirty Dozen” list of especially dangerous scams. 

If you’re an employer or business owner, or if you work in the payroll or HR department of your company, you need to be aware of this scam and prepared to deal with it if it should happen to you.  If you aren’t prepared, the liability issues can be significant. 

What Happens if Your W2 Information Is Stolen? 

If your W2 does go astray, it’s a very bad thing.  Like other tax documents it contains a great deal of highly sensitive personal information and can be used in many ways by criminals.  The IRS website has a lengthy list of these potential scams.  For example, scammers might file a return in your name and claim the refund that’s due to you (often within hours of stealing your information) or use your information to claim deductions or benefits that are rightfully yours. 

Beyond the immediate prospect of tax scams, a W2 is a gold mine for identity thieves.  They’ll have your name, address and SSN, and they’ll know where you work and how much you make (and therefore, how much credit you’re eligible for).  It’s the identity theft equivalent of a home run. 

What To Do if Your Identity Is Compromised

If your W2 data is stolen, whether through a phishing attack on your company (or on your tax preparer; they’re frequently targeted as well) or through some other means, you can find out about it in a couple of different ways.  One is if your company alerts you to the breach and warns you to be vigilant for signs of identity theft.  The other occurs when you aren’t notified, but notice the telltale signs of identity theft anyway. 

Start by filing a report at the FTC’s IdentityTheft.gov website, which will create a personalized plan for you to help limit the damage you’ll experience from the identity theft.  Since your SSN and tax information are likely to be involved, you should also file a report with the SSA’s Office of the Inspector General and reach out to the IRS through its website or by telephone at 1-800-908-4490. 

You may also want to file a report with your local law enforcement and with the FBI’s Internet Crime Complaint Center (IC3)

The Bottom Line on Security and Your W2

At the end of the day, your W2 (or your 1099, if you have freelance income from a “side hustle” or other source) is as safe as you choose to make it.  Keeping your electronic tax documents safe — by encrypting them, by not leaving your devices lying around unattended and so on — is a matter of habit, just as locking up paper tax documents was. 

Spending the extra time and effort to encrypt your emails before sending them is at most a minor inconvenience, even if you have to call in a favor and have someone more tech savvy set it up for you.  The potential cost and disruption caused by identity theft is a much, much bigger inconvenience. 

References: