Spear-Phishing Campaign Targets W-2s During Tax Season

Media Division | February 16, 2017

Cyber scams can be very clever in the methods they employ to breach an organization.  In CEO fraud, for instance, the scammer impersonates the CEO of an organization in an attempt to obtain protected or privileged data.  Unfortunately, several organizations have fallen victim to this type of attack, including Snapchat and, in a recent attack, a Florida school district.  In a recent post, the Internal Revenue Service (IRS) warns of a tax season scam in which CEO fraud is coupled with a tax document scam and then followed by wire fraud.

The scam begins with the attacker skillfully doctoring an email to make it appear to come from the executive of the organization and sending it to all payroll and human resources employees.  In the email, the scammer asks for a list of all of the employees, as well as their W-2 forms.  The attacker then follows up with an email to payroll or the comptroller requesting a wire transfer.  This wire transfer technique is not related to taxes but rather piggybacks on the W-2 scam.  The combination can be quite dangerous: some organizations have been hit twice, sending the W-2s to the scammers and also wiring money to them.

The purloined W-2s can be used for identity theft, as well as for filing fraudulent tax returns.  The IRS has provided an email address, phishing@irs.gov, to which organizations can send information about W-2 scams they receive.  The IRS also states that an organization that is victimized or targeted by these attacks should file a complaint with the Internet Crime Complaint Center (IC3), which is operated by the FBI.
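The two-step request pattern described above can be screened for at the mail gateway. The following triage sketch is an added example, not code from the IRS or from this article's publisher; the organization domain, executive name, role mailboxes and sample messages are all constructed assumptions, and the sender checks (display name versus address, Reply-To mismatch) are common impersonation tells rather than details given in the IRS warning.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

ORG_DOMAIN = "example.com"        # assumption: the organization's own mail domain
EXECUTIVES = {"pat morgan"}       # assumption: executive display names, lowercased
ROLE_RCPT = re.compile(r"^(payroll|hr|comptroller)@", re.I)  # hypothetical mailboxes
W2_RE = re.compile(r"\bW-?2s?\b|list of (all )?(of )?(the )?employees", re.I)
WIRE_RE = re.compile(r"\bwire (transfer|payment)\b", re.I)

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def triage(raw):
    """Return the list of CEO-fraud indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    rcpts = [a for _, a in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    # Plain-text parts only; encoded parts are not decoded in this sketch.
    body = "".join(p.get_payload() for p in msg.walk()
                   if p.get_content_type() == "text/plain")
    text = msg.get("Subject", "") + "\n" + body
    flags = []
    if name.strip().lower() in EXECUTIVES and _domain(sender) != ORG_DOMAIN:
        flags.append("exec-name-external-sender")   # right name, wrong domain
    if reply_to and _domain(reply_to) != _domain(sender):
        flags.append("reply-to-mismatch")           # replies leave the org
    if any(ROLE_RCPT.match(r) for r in rcpts):
        flags.append("payroll-hr-recipient")
    if W2_RE.search(text):
        flags.append("w2-request")
    if WIRE_RE.search(text):
        flags.append("wire-request")
    return flags

def needs_hold(flags):
    """Hold for out-of-band verification: an impersonation tell plus a sensitive ask."""
    spoof = {"exec-name-external-sender", "reply-to-mismatch"} & set(flags)
    ask = {"w2-request", "wire-request"} & set(flags)
    return bool(spoof and ask)

# Constructed sample messages (not real traffic).
W2_MAIL = ("From: Pat Morgan <pat.morgan@example.net>\nTo: payroll@example.com\n"
           "Subject: Urgent request\n\nPlease send me the list of all employees "
           "and their W-2 forms today.\n")
WIRE_MAIL = ("From: Pat Morgan <pat.morgan@example.com>\n"
             "Reply-To: pat.morgan@example.net\nTo: comptroller@example.com\n"
             "Subject: Payment\n\nI need a wire transfer sent out this afternoon.\n")
BENIGN_MAIL = ("From: Pat Morgan <pat.morgan@example.com>\nTo: hr@example.com\n"
               "Subject: Staff meeting\n\nMoving Thursday's staff meeting to 3pm.\n")
```

A held message should be confirmed with the executive through a channel other than email before any W-2 data or money is sent.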

Employing Anti-Phishing Solutions

Many organizations simply assume that they will not be breached, or hope that it does not happen.  This is dangerous thinking; it is far better to have proper defenses and mitigation processes in place.  A single breach can cost more than most would think, as it can bring loss of money, information or assets, as well as reputational damage.  Preventing breaches is, of course, the ideal outcome, but if a phishing breach does happen, it needs to be handled appropriately.  Massive Alliance offers anti-phishing solutions that can not only help to prevent attacks but also identify, trace, and eliminate threats after a breach.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.