Beware of W2 Phishing Emails Targeting Employees
With the IRS’s due date of April 18th looming overhead, fraudsters are rapidly trying to cash in on tax refunds. Over the past two weeks, we’ve seen an increase of BEC (business email compromise) fraudster scams involving requests for employee’s W2 taxpayer information. In this scam, the scammer pretends to be a member of upper management, and targets a more junior member of the organization. The phishing email requests that the target send employees’ W2 forms for inspection.
It’s important to realize that these documents contain tax and wage information for employees as well as their social security number, home address and employment location. Once these documents are obtained, the criminals would have everything they need to perform tax refund fraud; effectively stealing tax refunds owed to workers. In addition to tax refund fraud, these documents contain a plethora of information that can help the scammer commit identity fraud as well.
This group sends emails from what appear to be stolen email accounts and match the compromised domain. A different “Reply-to” address is set in the email so that when a victim replies, the reply goes to an account under the attackers’ control, and not to the address it appears to have originated from. In the past 12 days, this group has used at least eight stolen domains for sending emails and has sent over 600 emails to victims.
For W2 fraud, these are some of the email subjects we are seeing:
Subject: Request For All Employees W2s
Subject: Request For All Employees W2s, Monday 29th February, 2016
In addition, employees should keep the following tips top of mind:
- Be cautious of links and attachments in emails from senders you don’t recognize, or are requesting actions that seem unusual or don’t follow normal procedures. Avoid providing personal information when answering an email, unsolicited phone call, text message or instant message.
- Additionally, do not reply to any emails that seem suspicious. Obtain the sender’s address from the corporate address book and ask them about the message.
- Never enter personal information in a pop-up web page or anywhere else that you did not initiate.
- Keep security software and all other software programs updated.
- Report security warnings from your Internet security software to IT immediately, chances are, they aren’t aware of all threats that occur.
You can learn more about safe cyber security practices for employees here.