W-2 phishing season is just a few weeks away. For the past several tax seasons, cyber criminals have used sophisticated social engineering tactics to dupe hundreds of payroll and HR departments into providing W-2 data on their employees, which results in the filing of fraudulent tax returns, other identity theft cases and class-action lawsuits against the company.
These attacks are incredibly disruptive to employees, extremely expensive for employers and are completely avoidable with awareness training. The typical W-2 phishing email is spoofed to look like it is from a high-level executive and asks the employee to provide W-2 or other tax-related information by replying to the phishing email, by sending the information to another email address, or by uploading it to a server owned by the bad guys.
In many instances, the request for the information appears to be urgent, which pressures the employee to act quickly. These spoofed messages can be very convincing. The emails show the executive's email address and often contain the executive's actual signature block, which makes the employee believe that the email is authentic.
Warn your employees to "Think Before They Click" and to follow proper procedure, even though the email might look like it's from the CEO. KnowBe4 has ready-to-send phishing templates, including the spoofed CEO email address, that you can use to inoculate high-risk employees against this type of CEO fraud. Here is a screenshot of a W-2 fraud template you can use:
CEO Fraud Prevention Manual Download
CEO fraud has ruined the careers of many executives and loyal employees. Don't be the next victim. This brand-new manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.