News Release Header

ADOR Warns Businesses of Phishing Scammers

September 3, 2020

The Arizona Department of Revenue (ADOR) urges employers to be cautious of phishing and other email scams. Scammers will disguise themselves in an attempt to access and abuse sensitive data such as passwords, usernames, social security numbers, payment, and credit card information.

For example, the W-2 form email phishing scam continues to find unsuspecting victims every day. The W-2 form contains an employee's annual wages, the amount of taxes withheld from their paycheck, and other confidential information.

The most popular W-2 form phishing scenario consists of someone in a company’s payroll or human resources office receiving an email that appears to be from an executive of that business. Additionally, the email requests for employee W-2 data imposes a sense of urgency and pressure for an immediate response.

When encountering unfamiliar emails, companies should try to identify common grammatical, spelling errors, and old or wrong company information. Furthermore, the email addresses can seem like the company’s internal domain email address, but will typically have an external domain email address (e.g., Gmail, yahoo).

ADOR recommends that businesses not respond to any suspicious email and instead connect with the person whose name is on the email by phone or in-person to confirm its authenticity. If there is an internal phone directory available, employees should use the number listed in that directory. Employers are encouraged to establish specific internal procedures for learning how to identify and address W-2 form and other phishing scams.

Individuals and businesses that encounter suspicious activity or have any questions should contact the Department of Revenue’s Identity Theft Call Center at: (602) 716-6300, toll-free: (800) 352-4090 or at



Thursday, September 3, 2020