It’s February in Vancouver. Tax season is picking up. Your accountant is buried. Your bookkeeper is collecting documents. Everyone’s thinking about T4s, 1099s, RRSP slips, and deadlines.
But here’s the part no one marks on the calendar: the first major tax‑season headache usually isn’t a form. It’s a scam.
And there’s one attack that always arrives early because it’s easy, believable, and specifically designed to fool small businesses. You may already have a version of it sitting quietly in someone’s inbox.
Let’s talk about the W‑2 scam, the scam that hits HR, payroll, and finance teams before April even enters the chat.
The T4 Scam: How It Works
Here’s the setup:
Someone in your company, usually the person who handles payroll or HR, gets an email that appears to come from the CEO, business owner, or an executive.
The message is short and urgent:
“Hey, I need all employee T4s for a meeting. Can you send them ASAP? Swamped today.”
It looks normal.
The tone feels right.
The timing makes sense, tax season is chaotic.
So, your employee sends the T4s.
Except the email wasn’t from the CEO. It was from a criminal spoofing your domain or using a look‑alike address designed to fool even careful employees.
And now the attacker has every employee’s:
- Full legal name
- Social Insurance Number / Social Security Number
- Home address
- Salary information
Everything needed for identity theft. Everything needed to file fraudulent tax returns before your team even starts theirs.
What Happens Next
Most businesses discover the scam after the damage is done.
Here’s the usual pattern:
Someone on your team files their tax return.
It gets rejected.
“Return already filed for this Social Security Number.”
Which means:
- Someone already impersonated them
- Already claimed their refund
- Already took the money
Now your employee is dealing with the CRA or IRS, credit monitoring, fraud alerts, and a mountain of paperwork, for a document they never realized they sent out.
Multiply that by your entire staff.
Suddenly you’re facing:
- A major trust issue
- An HR disaster
- A cybersecurity incident
- Potential legal exposure
- A hit to your reputation
All from one believable email.
Why the T4 Scam Works So Well
This isn’t your typical “Nigerian prince” scam.
It looks legitimate because attackers do their homework.
They time it for when T4 requests are expected.
They mimic the CEO’s writing style.
They reference accountants or meetings.
They create just enough urgency to bypass critical thinking.
This scam works because:
- The timing is perfect. February is when W‑2/T4 documents get shared.
- The request is plausible. It’s not asking for money, it’s asking for something that does get sent internally.
- Urgency feels normal. “I’m slammed” sounds exactly like leadership in tax season.
- The sender looks right. Spoofed CEO emails are incredibly convincing.
- People want to help. Employees want to respond quickly to their boss, especially under pressure.
When urgency meets authority, mistakes follow.
How to Protect Your Vancouver Business Before This Hits
Here’s the good news: this scam is extremely preventable.
And it doesn’t require expensive tools, just smart policies, training, and a strong cybersecurity partner.
- Create a “no W‑2/T4 documents via email” rule.
No exceptions, ever.
If someone requests payroll data by email, the answer is always no.
- Require multi‑channel verification for sensitive requests.
Phone call. Teams message. In‑person check.
Anything except replying to the email.
- Hold a 10‑minute “tax scam” team huddle this week.
Don’t wait until April.
Awareness is the cheapest cybersecurity tool you’ll ever deploy.
- Lock down payroll and HR systems with MFA.
If credentials get stolen, MFA stops the attacker cold.
- Build a culture where verification is praised, not criticized.
The employee who double‑checks a CEO request is a hero, not a nuisance.
Five simple steps.
Easy to deploy.
Strong enough to stop the first and most common scam of tax season.
The Bigger Picture
The T4 scam is just the beginning.
Between now and April, expect a flood of tax‑themed attacks:
- Fake CRA/IRS notices demanding payment
- Phishing emails disguised as accounting software
- Spoofed messages from “your accountant”
- Fraudulent invoices disguised as tax‑related expenses
Criminals love tax season because businesses are distracted, rushed, and expecting financial communications.
Businesses that get through tax season safely aren’t lucky, they’re prepared.
They have the right policies.
The right training.
And the right cybersecurity protections in place to stop mistakes before they start.
Is Your Business Ready?
If you already have strong verification policies, MFA, and a proactive IT support team that trains your staff, amazing. You’re ahead of most small businesses in Vancouver.
If not, now is the time to get ready, not after your first employee gets a tax‑return rejection.
We can help.
👉 Book a 10‑minute discovery call, and we’ll review:
- Payroll & HR system security
- Email protections to detect spoofing
- W‑2/T4 verification rules
- One critical policy almost every business overlooks
If this doesn’t sound like you, great, share it with someone it does sound like. You might save them a major headache this year.
Tax season is stressful enough without identity theft on top of it.
