W-2 phishing season is here. For the past several tax seasons, cyber criminals have used sophisticated social engineering tactics to dupe hundreds of payroll and HR departments into providing W-2 data on their employees, which results in the filing of fraudulent tax returns and other identity theft cases.
These attacks are incredibly disruptive to employees, extremely expensive for employers and are completely avoidable with awareness training. The typical W-2 phishing email is spoofed to look like it is from a high-level executive and asks the employee to provide W-2 or other tax-related information either by replying to the phishing email or by sending the information to another email address.
In many instances, the request for the information appears to be urgent, which forces the employee to act quickly. These spoofed messages can be very convincing. The emails have the email address and often contain the actual signature block of the executive that makes the employee believe that the email is authentic.
Warn them to "Think Before They Click" and to follow proper procedure, even though the email might look like it's from the CEO.
Info provided by KnowBe4. Check out their blog to learn more. https://blog.knowbe4.com/scam-of-the-week-blends-ceo-fraud-and-w-2-phishing