Businesses have been victimized by W-2 phishing scams in growing numbers. The scams are a variation of traditional phishing scams, where criminals trick email users into providing confidential information and then use that information to steal money or the victim’s identity.
W-2 Phishing Scams Explained
In this type of scam, cybercriminals claim to be someone from the company’s management team. They send emails to employees — typically in payroll, benefits or human resources departments. The emails often request a list of employees along with their W-2 forms, Social Security numbers or other confidential data.
The emails often appear to be legitimate because scammers use convincing techniques such as business email compromise or business email spoofing. Many emails contain the company’s logo along with the names of actual corporate executives. The messages use language such as “Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”
If the employee responds to the phishing email, criminals can use this information to file fraudulent tax returns in the employees’ names. The ultimate objective of these scams is to fraudulently claim tax refunds.
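The traits described above (an executive's name on the message, a request for W-2 or Social Security data) can be turned into a mail-screening check. The following is an added example, not code from the original article; the company domain, the executive names, the sample messages and the Reply-To comparison are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: placeholder company domain and executive names.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}
# Phrases typical of the requests quoted above (W-2 forms, SSNs, earnings summaries).
SENSITIVE = re.compile(r"\bw-?2\b|social security|\bssn\b|earnings summary", re.I)

# Constructed sample: executive display name on an outside address.
SPOOFED = """From: Jane Doe <jane.doe@examp1e-mail.test>
Reply-To: ceo.office@freemail.test
To: payroll@example.com
Subject: W-2 review

Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
"""
# Constructed sample: ordinary internal notice that merely mentions W-2 forms.
INTERNAL = """From: HR Team <hr@example.com>
To: staff@example.com
Subject: Tax forms

Your W-2 is now available in the payroll portal.
"""

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def w2_phish_indicators(raw):
    """Return the reasons a message resembles a W-2 phishing request."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body if isinstance(body, str) else ''}"
    reasons = []
    if name.strip().lower() in EXECUTIVES and domain_of(addr) != COMPANY_DOMAIN:
        reasons.append("executive display name on external address")
    if reply_to and domain_of(reply_to) != domain_of(addr):
        reasons.append("Reply-To domain differs from From domain")
    if SENSITIVE.search(text):
        reasons.append("requests W-2 or Social Security data")
    return reasons

def should_hold(raw):
    """Hold for verification when a sender anomaly accompanies a sensitive request."""
    r = w2_phish_indicators(raw)
    return "requests W-2 or Social Security data" in r and len(r) > 1
```

A request sent from a genuinely compromised executive mailbox would pass both header checks, which is why confirming the request directly with the apparent sender still matters.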
Prevention Through Education
Recently, the IRS released an alert urging employers to educate payroll staff and other employees about the dangers of W-2 phishing scams. Be sure to inform all employees, particularly those in areas that handle sensitive data, about these scams and remind them not to click on links or download attachments from emails that are unsolicited, sent from addresses they don’t recognize, or that seem suspicious.
Employees are often nervous about questioning a request that appears to come from upper management, so encourage them to double-check all email requests for sensitive information, no matter who appears to be making the request. To do this, they should talk directly with the supervisor or colleague who “sent” the email as opposed to responding directly to the suspicious email.
Keep Technology Up-To-Date
Install trusted antivirus software, use spam filters, and download any and all updates. With the right employee training and necessary precautions put in place, your business should remain protected against W-2 phishing scams. However, if you suspect that you are the victim of a W-2 phishing scam, contact the IRS at [email protected] as soon as possible.
In the meantime, for more information about how you can prevent phishing scams within your workplace, we can help. Visit our website to see all of the social engineering services that we offer. Employee education is truly the key to preventing a breach!
Phone: 844-OCDTECH
Email: [email protected]