Watch out for W-2 tax document OneDrive email phishing scam

ByCraig Haley

Tax season in the United States is in full swing. That means plenty of tax related documents are being passed around cyberspace. This isn’t something phishing scammers are going to ignore.

In one email phishing scam that has managed to find its way around many email junk filers, an email appears to show a W2 tax document being shared with the recipient via OneDrive, the cloud file storage service from Microsoft.

The email, which will appear similar to the below screenshot, provides a link for the recipient to open the tax document. It is being sent with the subject “Re: Home Loan”.

But it’s a phishing scam and there is no phishing document. The link leads to a webpage hosted on the TypeForm platform, a service that allows people to create forms and surveys.

The page asks for the visitor to login to see the tax document, but any username and password combinations entered into this page will be sent to the scammers, effectively handing them control of your online account (unless you’re sensible enough to have enabled two-factor authentication.)


Sponsored Content. Continued below...




Regardless of what username and password a person enters, the visitor is told that its incorrect, and the page eventually “locks” the document claiming it cannot confirm the visitor’s identity. It’s all a ruse, though. There is no document, and the webpage isn’t really trying to validate the information, rather just transmit it to cyber crooks.

Always watch out for emails asking you to open attachments or click links. These are how phishing scams usually start. If you do click a link, unless you trust the website you’re on, don’t enter any personal information into it. If you’re on a platform that allows anyone to create a website, such as TypeForm or Google Sites, you shouldn’t trust it if it asks for personal information or login details.

Keep up-to-date with all the latest cybersecurity threats and our tips to stay safe online. Follow us on Facebook, Instagram and Twitter.

Continued below...


Thanks for reading! But before you go… as part of our latest series of articles on how to earn a little extra cash using the Internet (without getting scammed) we have been looking into how you can earn gift vouchers (like Amazon vouchers) using reward-per-action websites such as SwagBucks. If you are interested we even have our own sign-up code to get you started. Want to learn more? We discuss it here. (Or you can just sign-up here and use code Nonsense70SB when registering.)

Become a Facebook Supporter. For 0.99p (~$1.30) a month you can become a Facebook fan, meaning you get an optional Supporter Badge when you comment on our Facebook posts, as well as discounts on our merchandise. You can subscribe here (cancel anytime.)