Tax season scams are starting early this year and the hackers are getting smarter by the month. The current scam works in two steps so watch out for possibly erroneous emails for your tax information.
STEP 1: Cybercriminals are sending emails, posing as potential clients, and interested in services from tax professionals. The tax preparer responds, and the hackers send a second email with a malicious attachment. The tax preparer falls for this social engineering attack and that compromises the machine and now the hackers"own" the tax preparer's computer.
STEP 2: The hackers now use the tax pro's computer to send out legit looking emails to all the tax pro' clients and get their financial records sent over to their own email address, so they can quickly file a fake tax return and pocket the money, using the illegally obtained information.
When receiving an email about your taxes or your W2 from literally anybody, whether you know them or not, pick up the phone and verify with your known-trusted tax preparer that they actually sent you that email. If you send tax information via email, triple-check that the email address to whom you are sending is correct and type it in yourself in the "To" field.
NEVER click on "reply" and attach your tax information, because that reply email address might be spoofed. Want to be 100% safe? Hand-carry your tax info to your preparer and complete the tax return in person with them.