New Phishing Scam Targets W-2 Information
Several companies have recently fallen victim to an insidious email phishing scam targeting employees in finance and HR departments, using a fake request from the company’s CEO or CFO to convince them to email all employee W2 forms.
In the last couple of months, employees from many companies have fallen victim to similar versions of the scam. In each case, employees were tricked into believing that the email was a legitimate internal company request and turned over payroll information and thousands of 2015 W2s.
Phishing emails are one of the top causes of data breaches, particularly “spearphishing” emails that rely on human nature to be effective because they’re sophisticated, customized, targeted, and personalized – making it harder to tell if they’re legitimate.
As a result of these scams, employees are not only at risk for identity theft issues, but also for tax refund fraud, which has skyrocketed in the last year. The IRS has seen a 400 percent increase in phishing and computer malware incidents. Thanks to this most recent and crafty spearphishing scam, thieves are getting easy access to all of the data they need to file fraudulent taxes in someone’s name and get their refund.
According to recent stats, the Federal Trade Commission received more than 490,000 identity theft complaints related to tax fraud last year, a 47 percent increase over 2014. It is now the largest and fastest-growing identity theft category that the commission tracks.
“We are definitely seeing a lot of activity because of the W-2 scams,” says Allen Burzen, Incident Response Manager at AllClear ID. “And in some cases, employees are seeing tax fraud right away.”
The best way for businesses to avoid becoming a victim is to make sure security keys and anti-spam filters are up to date, and that employees know how to spot phishing emails. And, if there’s ever a question, they should simply go straight to the source – whether it’s the CEO, CFO or head of human resources.