Evolving W-2 phishing campaigns

The Internet Crime Complaint Center (IC3) has issued an alert on W-2 phishing campaigns. In the latest scam, criminals are targeting sensitive tax information by using IRS-related phishing emails.

Starting in January 2018, there have been reports of an increase in compromised or spoofed emails requesting W-2 information. The scammers sometimes follow up with a request for an unauthorized wire transfer.  

According to the IC3 alert, the most popular method of the scam is the impersonation of an executive via a compromised or spoofed email, with the objective of getting W-2 information from a human resources (HR) professional within the same organization. Criminals have evolved their tactics to focus on mass data thefts (such as larger troves of W-2 data from HR departments).

This warning comes after reports of identity thieves hacking tax preparers to pull off tax refund fraud, as Brian Krebs reported earlier this week. 

Some of the IC3 recommendations and best practices to help reduce W-2 phishing and BEC scams include: 

  • Limit the number of employees within a business who have the authority to approve and/or conduct wire transfers and handle W-2 related requests or tasks.
  • Use out-of-band authentication to verify requests for W-2 related information or wire transfer requests that are seemingly coming from executives.
  • Verify a change in payment instructions to a vendor or supplier by calling to verbally confirm the request. 
  • Maintain a file, preferably in non-electronic form, of vendor contact information for those who are authorized to approve changes in payment instructions.
  • Delay the transaction until additional verifications can be performed, such as having staff wait to be contacted by the bank to verify the wire transfer.
  • Require dual approval for any wire transfer request under certain criteria (such as a certain dollar amount, new trading partners, or transfers out of the country, to name a few).

Individual taxpayers should also be vigilant about W-2 phishing attacks, as criminals are interested in sensitive tax information. Be wary of clicking on any links included in emails asking for sensitive tax or personally identifiable information.
