It’s February in Salt Lake City. That means court deadlines, client filings, W-2s, and 1099s are piling up—and so are the cyberattacks.
Because here’s the truth most managing partners don’t realize until it’s too late:
The first threat of tax season isn’t a missed form. It’s a scam. And Salt Lake City law firms are top targets.
This isn’t theoretical. This scam is already circulating in inboxes across the Wasatch Front. If you’re handling payroll, HR, or internal communications at your firm, it could already be sitting in yours.
The W-2 Scam Law Firms Never See Coming
Here’s how it works:
Someone on your team (usually a legal admin or HR/payroll staff) gets an email that appears to be from a partner or senior attorney.
The message is short. Authoritative. Time-sensitive:
"Hey—need copies of all employee W-2s for a meeting with our CPA. Can you send them ASAP? Running into court now."
Sounds legit, right? It looks like it’s coming from your name or domain. It uses the right tone. It fits the pace of February chaos.
So your staff sends the documents.
Except it wasn’t from you. It was a criminal using a spoofed email or domain designed to trick your team.
Now that cybercriminal has:
- Social Security numbers
- Home addresses
- Salary data
- Full legal names
And they’ll use them to file fake tax returns before your staff even clicks submit.
What Happens Next Could Ruin Morale (and Your Reputation)
Here’s how most law firms find out:
An associate tries to file their tax return. It gets rejected—someone already filed using their SSN.
That refund? Gone.
What follows is a nightmare of IRS letters, identity theft protection, and hours on the phone with credit agencies.
Multiply that by your entire staff, and now you’re dealing with a:
- Legal liability
- PR disaster
- Morale crisis
- Potential ABA compliance violation
Why This Scam Devastates Salt Lake Law Firms So Easily
This isn’t some amateur "Nigerian prince" hustle. This is professional, timely, and highly targeted.
Here’s why it works:
- It fits the season. Tax documents are flying around in February. No one questions a W-2 request.
- It mimics legal culture. Quick asks. Tight deadlines. Assistants jumping to help partners.
- It feels natural. The tone, the email address, the urgency—it all matches the day-to-day hustle.
- It exploits trust. Staff want to help senior leadership. That’s what makes them vulnerable.
5 Things Every Salt Lake City Law Firm Should Do This Week
The solution isn’t just software. It’s policy. It’s culture. And it starts now.
- Create a "No W-2s via Email" Rule.
W-2s don’t get sent via email. Period. No matter who asks. Make it a firmwide policy with no exceptions. - Require Dual-Channel Verification.
If someone requests sensitive data over email, they must confirm it via another method: phone, Teams, Slack—whatever you use. But not email. Ever. - Hold a 10-Minute Scam Briefing.
Do it this week. Tell your HR and legal support staff: "This is what it looks like. This is how we stop it." - Lock Down Payroll and HR Systems.
Multi-factor authentication (MFA) is non-negotiable. If you’re accessing W-2s or employee data, there should be multiple layers of security. - Reward Verification, Don’t Punish It.
If someone pauses to question a request—even from the managing partner—they should be applauded, not dismissed.
Don’t Let Tax Season Be the Start of a Security Crisis
This W-2 scam is just the first attack in a long season of tax-related phishing and fraud.
Expect:
- Fake IRS emails demanding payment
- Phony updates from tax software platforms
- Spoofed messages from your CPA with malware links
Salt Lake City law firms that make it through tax season safely don’t get lucky. They get prepared.
At Qual IT, we specialize in managed IT services for Salt Lake City law firms. We help firms build secure, compliant systems that block these scams before they reach your staff’s inbox.
Is Your Firm Protected?
If your firm already has rock-solid policies and strong cybersecurity, fantastic. But most don’t. And most don’t realize it until after the damage is done.
If you’re unsure—or if you’re relying on hope more than confidence—let’s talk.
Click here to book your free legal IT network assessment.
We’ll walk you through:
- Where your payroll access is vulnerable
- How to implement verification rules that actually get followed
- The email security you should have
- One policy tweak most firms miss that could save you six figures
Let’s make sure your first court battle this quarter isn’t against a cybercriminal.
—Qual IT
