Danger Season for W-2 Phishing Approaches


Cyber criminals are about to ramp up their efforts to steal employee W-2s. Just like other businesses, cyber criminals seek efficiency. If they can get just one member of your HR or finance staff to send W-2 forms, they can profit directly by filing fraudulent tax returns and stealing refunds. Beazley Breach Response (BBR) Services typically sees W-2 phishing peak toward the beginning of tax season, as criminals race to file fraudulent returns before employees can file their legitimate ones.

A successful attack generally begins with a spoofed email to an employee in the accounting, finance, or HR department. Appearing to come from an executive, sometimes bolstered by details the criminal has gleaned from LinkedIn or social media, the email leads the employee to supply PDFs of W-2s or other forms of electronic payroll data. When the attack succeeds, most or all of your employees are likely to have their data compromised.

Always remember email requests will never be made for your personal information, If you ever receive such a request from a Nisivoccia email address or employee name, please contact the Technology department as well as the Human Resources department immediately. The same practice applies to your personal information also. Never supply information via email.

Thank you and have a safe Holiday Season!