Do you enjoy tax time? The cybercriminals do! Tax season is upon us, and it’s a very healthy time of year for cybercriminals, who continue to target all industries with W2 phishing email scams. They use legitimate-looking emails asking for W2s to be sent back to them.
Why? W2s are FULL of information needed to compromise someone’s identity. Think this is just an HR problem? Think again! No matter your industry, ALL OF US have interacted with someone’s W2 at some point in time. Think of that W2 as a document dripping with personal information.
These W2 scams are a real problem. The FBI released a bulletin recently, advising that these W2 scams are STILL on the rise. Let’s keep everyone’s information safe by recognizing these phishing email scams.
You can recognize phishing emails by following these tips on avoiding social engineering published by US-CERT (Computer Emergency Readiness Team):
- Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about employees or other internal information. If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
- Do not provide personal information or information about your organization, including its structure or networks, unless you are certain of a person’s authority to have the information.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
- Don’t send sensitive information over the Internet before checking a website’s security.
- Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
- If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information.
- Take advantage of any anti-phishing features offered by your email client and web browser.
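The URL tip above (a variation in spelling, or .com vs. .net) can also be checked mechanically in a mail-triage script. This is an added example, not part of the US-CERT tips or the original post; the allowlisted domain `example-payroll.com`, the function names and the typo threshold are assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the domains your organization really uses (assumption).
TRUSTED = {"example-payroll.com"}

def registrable(host):
    """Last two labels of a hostname. Simplification: ignores multi-part
    public suffixes such as .co.uk (use a public-suffix list in production)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, trusted=TRUSTED, max_typos=2):
    """Label a link or sender address against the allowlist."""
    # Prefix "//" so bare hosts and user@host addresses parse as a netloc.
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    domain = registrable(host)
    if domain in trusted:
        return "trusted"
    name, _, tld = domain.rpartition(".")
    for good in trusted:
        good_name, _, good_tld = good.rpartition(".")
        if name == good_name and tld != good_tld:
            return "tld-swap"      # same name, different domain ending
        if 0 < edit_distance(name, good_name) <= max_typos:
            return "lookalike"     # spelling variation of a trusted name
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("https://hr.example-payroll.com/w2",
                   "https://example-payroll.net/login",
                   "hr@examp1e-payroll.com",
                   "https://example-payroll.com.evil.example/"):
        print(f"{classify(sample):10} {sample}")
```

A result of "unrelated" only means the domain is not on the allowlist and is not a near miss; the last sample shows a trusted name used as a subdomain of another domain, which is still not trusted.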
FBI Public Service Announcement: https://www.ic3.gov/media/2018/180221.aspx
Tips on Avoiding Social Engineering: https://www.us-cert.gov/ncas/tips/ST04-014
Have another thought, tip or suggestion? Leave it in the comments below. I would love to hear from you!