Tax Season Scams Hit Salt Lake CPA Firms First: What You Need to Know Now

It’s February in Salt Lake City—and Every CPA Firm Is Under Pressure

W-2s. 1099s. K-1s. Client portals blowing up. Audit season starting. The last thing your firm needs right now is a tax-season curveball.

But the first real threat this time of year isn’t a missed deadline or an IRS notice. It’s a cyberattack disguised as a W-2 request.

And Salt Lake City CPA firms are among the top targets.

Why? Because you have what threat actors want: employee data, client data, trust, and tight timelines that leave little room for second-guessing.

Let’s break down the scam every Salt Lake accounting firm should know about before it hits your inbox.

The W-2 Scam: What Salt Lake CPA Firms Need to Watch For

Here’s how it plays out:

Your office manager, HR lead, or payroll coordinator gets an email that looks like it came from a partner or senior executive:

"Hey, can you send me the W-2s for everyone? I’ve got a meeting with the accountant in 20 minutes and need to review them. Super swamped today."

Sounds legit, right?

The tone fits. The timing makes sense. You’re in the heart of tax season, and your team wants to be helpful.

So they send the file.

Except it wasn’t from a partner. It was from a cybercriminal spoofing your domain, or using a near-identical lookalike domain.

Just like that, every employee’s full name, SSN, salary info, and home address is in the wrong hands.

What Happens After the Scam Works

You don’t usually find out right away.

The first red flag often comes when an employee files their taxes and gets this rejection:

"A return has already been filed using this Social Security number."

That’s when the nightmare begins: identity theft, IRS disputes, fraud alerts, credit monitoring, legal exposure.

And the most gut-wrenching part? Your firm was the point of failure.

You now have:

  • A data breach
  • A trust crisis with your team
  • Potential compliance violations under IRS Pub. 4557 or AICPA SOC standards
  • An HR and legal mess to clean up

This isn’t just an IT problem. It’s a brand problem. A reputation problem. A problem that could cost your firm clients and staff.

Why Salt Lake CPA Firms Are Especially Vulnerable

This scam doesn’t rely on malware. It relies on timing, trust, and speed—and CPAs in Salt Lake are moving fast right now.

Here’s why it works:

  • It sounds normal. The message feels like it could come from any managing partner.
  • It’s tax season. W-2 requests don’t raise red flags in February.
  • Staff want to help. When the boss "asks," people comply—especially during crunch time.
  • The attackers do their homework. They know your firm structure, partner names, and email conventions.

Bottom line: This scam is socially engineered to exploit the exact environment Salt Lake CPA firms operate in during Q1.
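The spoofed and lookalike senders described above leave traces in the message headers that a mail filter can check before a person ever has to decide. The sketch below is an added example, not part of the original article or any vendor's product. The firm domain, partner name, keyword list and sample messages are constructed assumptions, and it assumes your mail gateway stamps an Authentication-Results header.

```python
from email import message_from_string
from email.utils import parseaddr

FIRM_DOMAIN = "examplecpa.test"      # assumption: the firm's real mail domain
PARTNERS = {"dana whitfield"}        # assumption: partner display names
SENSITIVE = ("w-2", "w2", "1099", "k-1", "payroll")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-identical domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def name_and_domain(header_value):
    name, addr = parseaddr(header_value or "")
    return name.strip().lower(), addr.rpartition("@")[2].lower()

def review(raw):
    """Return sender warnings and whether to hold the message for call-back verification."""
    msg = message_from_string(raw)
    name, domain = name_and_domain(msg.get("From"))
    _, reply_domain = name_and_domain(msg.get("Reply-To"))
    flags = []
    if domain != FIRM_DOMAIN and edit_distance(domain, FIRM_DOMAIN) <= 2:
        flags.append("lookalike-domain")
    if name in PARTNERS and domain != FIRM_DOMAIN:
        flags.append("partner-name-external-sender")
    if reply_domain and reply_domain != domain:
        flags.append("reply-to-mismatch")
    if "dmarc=fail" in (msg.get("Authentication-Results") or "").lower():
        flags.append("dmarc-fail")
    text = f"{msg.get('Subject', '')} {msg.get_payload()}".lower()
    asks = any(k in text for k in SENSITIVE)
    return {"flags": flags, "hold": asks and bool(flags)}

# Constructed sample messages (not real mail).
LOOKALIKE = ('From: "Dana Whitfield" <dana@examp1ecpa.test>\n'
             "Subject: Need W-2s before my meeting\n\nCan you send me the W-2s for everyone?\n")
SPOOFED = ("From: Dana Whitfield <dana@examplecpa.test>\n"
           "Reply-To: dana.w@mailbox.test\n"
           "Authentication-Results: mx.examplecpa.test; dmarc=fail header.from=examplecpa.test\n"
           "Subject: W-2s\n\nSend the W-2 file today.\n")
ROUTINE = "From: Dana Whitfield <dana@examplecpa.test>\nSubject: Lunch Friday?\n\nNoon works.\n"
```

A held message is a prompt to verify through a known contact method, not a verdict; a request from a compromised real mailbox would pass every header check here.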

5 Steps to Shut This Scam Down in Your Firm

You don’t need a $100K cybersecurity overhaul to prevent this. You need smart policies and a culture of verification.

  1. Ban W-2s in email.

Create a firm-wide policy: W-2s, K-1s, and any other sensitive payroll documents are never sent over email—even internally.

  2. Use two-channel verification.

If someone asks for sensitive files, your staff must verify via another method (call, chat, in person). Never reply to the email. Always use a known contact method.

  3. Do a 10-minute training now.

Don’t wait. Gather your staff and say: "This scam is coming. This is what it looks like. Here’s what to do when it hits."

  4. Lock down payroll apps.

Turn on multi-factor authentication (MFA) on Gusto, QuickBooks, or whatever payroll system you use. If a password gets phished, MFA still blocks access.

  5. Reward skepticism.

The employee who asks, "Are you sure this is legit?" should be celebrated. Make verification a strength, not a burden.

These changes are fast, affordable, and 100% implementable before the end of the week.

Salt Lake Cybercriminals Don’t Stop at W-2s

This W-2 scam is just the beginning. Here’s what else is coming for Salt Lake CPA firms between now and April:

  • Spoofed emails claiming to be from tax software vendors
  • Fake IRS notices demanding immediate wire transfers
  • Lookalike domains for client portals
  • Fraudulent invoices disguised as tax prep expenses

Cybercriminals know that CPA firms are under pressure, moving fast, and handling massive amounts of sensitive data. That makes you their prime target.

The Salt Lake CPA firms that come out clean on the other side of tax season?

They don’t rely on luck.
They rely on preparation.

Don’t Let a Scam Derail Your Tax Season

At Qual IT, we specialize in managed IT services for CPA firms in Salt Lake City. We know your deadlines, your tools, your compliance requirements—and how cybercriminals think during tax season.

If you’re not 100% confident in your IT security policies right now, we should talk. One quick assessment can show you exactly where the gaps are before a scam exposes them.

Click to book your free network assessment.