The IRS is warning employers again about W-2 phishing scams that increase during tax season, according to attorneys at Jackson Lewis. Scammers often target HR or accounting employees, sending them emails that appear to be from high-level company executives and that request W-2 forms and other information. Scammers who successfully spoof executives' email addresses and ensnare employees can access vital information on workers, including names, birth dates and Social Security numbers. Some use the information to file fake tax returns and receive refunds; others sell the information to identity thieves, the firm explains.
Jackson Lewis says that while employers can implement a number of tech-based security measures, teaching employees how to spot and avoid the scams is the best defense. Moreover, this should be accomplished before W-2 forms are generated.
HR departments are favorite targets of scammers because of the massive amount of personal and financial information they maintain. W-2s, in particular, are goldmines for scammers.
Spoofing is dangerous because it can trick even the most observant and cautious end-users. A successful spoofing attack can lead someone to download an infected file or click on a bad link with ransomware, a virus that encrypts a computer's files. Hackers, then, make money by quite literally ransoming the data back to the company.
After the massive breaches that occurred earlier this year, businesses must be better prepared to handle cybersecurity risks. According to a MediPro study, 70% of employees don't know how to prevent a workplace breach. Bad cyber practices remain a top threat to organizations.
Employers can lower their cyber risks by teaching employees how to take precautions against hackers and phishers; they also can invest in training for IT staff to help them instruct employees in cyber safety. Offering identity theft coverage is another preventive measure; a recent study shows that 68% of HR managers say this coverage as a vital benefit.