This is a good time of year to remind your employees that they need to take special precautions to protect against the spreading depredations of W-2 phishing scams.
In a separate development, the Internal Revenue Service (IRS) recently issued a warning for those accounting professionals responsible for making tax filings concerning a different phishing scam where the criminals impersonate the IRS and attempt to steal Electronic Filing Identification Numbers (EFINs).
When it comes to the W-2 phishing scams, hackers obtain employee W-2 Forms for the purpose of filing fraudulent tax returns to obtain large refunds. These phishing e-mails typically show up around the time after firms have distributed W-2 forms to their employees. This year, employers are seen as being more vulnerable than before because of the enormous increase in e-mail communications by employees necessitated by working from home.
This particular kind of cyber-scam is considered a form of “spear-phishing” and also is known as business e-mail compromise (BEC) attacks, and CEO spoofing. Spear-phishing attacks are designed to target a specific victim by using personal or organizational information to earn the victim’s trust.
The cyber-criminal uses information like personal and work e-mail addresses, job titles and responsibilities, names of friends and colleagues, personal interests and more to lure victims into providing sensitive or confidential information. Quite often, the scammer…
