Here’s the Cyber Scam That Hits Metro Detroit Nonprofits First
Posted by MTS Consulting Group | December 15, 2025
Tax Season Scams Are Starting Early—And Nonprofits Are a Prime Target
It’s February. Tax season is ramping up across Metro Detroit and Southeast Michigan.
Accountants are booking up. Bookkeepers are pulling reports. Payroll teams are reviewing W-2s and 1099s. Leadership is focused on deadlines.
Here’s what rarely makes the checklist—but causes real damage every year:
The first major tax-season problem is often not a form. It’s a cyber scam.
And there’s one that shows up early because it’s easy, believable, and aimed directly at nonprofit organizations. Many Michigan nonprofits already have this message sitting in someone’s inbox.
The W-2 Email Scam: How It Targets Nonprofits
The setup is simple—and effective.
Someone in payroll, HR, finance, or operations receives an email that appears to come from the Executive Director, CEO, or another senior leader.
The message is short and urgent:
“Hi—can you send me copies of all employee W-2s for a quick review with our accountant? I’m tied up today and need them ASAP.”
It feels routine.
It’s tax season. W-2s are expected. Leadership is busy. The request sounds legitimate.
So the employee sends the files.
Except the email wasn’t from leadership.
It was sent by a criminal using a spoofed email address or a look-alike domain—and now that attacker has access to every employee’s most sensitive data.
Why This Becomes a Serious Cyber Liability Event
Once the files are sent, the damage is immediate.
Attackers now have:
- Full legal names
- Social Security numbers
- Home addresses
- Salary information
That’s everything needed for identity theft and fraudulent tax filings.
Most nonprofits don’t discover the issue until employees attempt to file their taxes—and receive a rejection notice stating a return has already been filed.
Now staff members are dealing with:
- IRS identity theft processes
- Credit monitoring
- Months of paperwork and stress
For the organization, this becomes more than a technical incident.
It’s cyber liability exposure:
- Business risk
- Legal risk
- Regulatory risk
- Operational risk
- Loss of staff trust
Cyber liability isn’t just about insurance—it’s about what happens when sensitive data is shared without proper safeguards.
Why the W-2 Scam Works So Well During Tax Season
This scam continues to succeed because it blends in.
The timing feels right. February is when W-2s are actively discussed and shared.
The request is reasonable. No money transfer. No obvious red flags. Just a document request.
The urgency feels normal. “Today is packed” doesn’t stand out in a busy nonprofit office.
The sender looks legitimate. Attackers research leadership names, roles, and even vendors.
People want to help. Especially when a request appears to come from the top.
Urgency plus trust equals risk.
How Michigan Nonprofits Can Reduce This Risk Now
This scam is preventable—and prevention doesn’t require complex tools.
- Establish a “No W-2s via Email” policy
Sensitive payroll documents should never be sent as email attachments. No exceptions. - Require second-channel verification
Any request for sensitive data must be confirmed by phone, in person, or internal chat—using known contact information. - Hold a quick tax-season awareness huddle
Ten minutes is enough to show staff what these emails look like and what to do. - Enforce MFA on payroll and HR systems
Multi-factor authentication dramatically reduces cyber liability when credentials are compromised. - Reward verification, not speed
Employees who pause to double-check—even with leadership—should be encouraged.
These steps are simple, affordable, and effective—and they dramatically reduce cyber liability for nonprofits.
The Bigger Tax-Season Cyber Picture
The W-2 scam is only the first wave.
Between now and April, nonprofits across Metro Detroit and Southeast Michigan will see:
- Fake IRS notices
- Phishing emails posing as tax software updates
- Messages impersonating accountants
- Fraudulent invoices timed around tax expenses
Organizations that avoid incidents aren’t lucky—they’re prepared.
They reduce cyber liability by building awareness, policies, and guardrails before something goes wrong.
Is Your Nonprofit Ready for Tax Season?
If your organization already has clear policies, trained staff, and secured systems—that’s excellent.
If not, now is the time.
👉 Schedule a Discovery Call with MTS Consulting Group
We’ll help you review:
- Payroll and HR access controls
- MFA coverage
- W-2 handling rules
- Email protections against spoofing
- Common policy gaps we see in Michigan nonprofits
And if this article reminds you of another nonprofit leader who’s stretched thin, share it with them. It may save their organization—and their staff—from a painful, personal cyber incident.
Book your Discovery Call today.
Because tax season is demanding enough—without cyber liability added to the load.
