In a W-2 scam, a cyberattacker sends an email to payroll or human resource departments while posing as one of the target organization’s executives. The cyberattacker then asks for a set of employees’ W-2 forms, which include identifying information such as Social Security numbers.
Roughly 200 businesses, public schools, universities, Native American governments and nonprofits were hit by W-2 scams during the most recent tax filing season, according to the government. In 2016, the government identified roughly 50 W-2 scams, according to CBS News.
To avoid a W-2 scam, the IRS recommended businesses alert employees with access to W-2 forms about the phishing trend.
“If you get a suspicious email, pick up the phone and call the person who purportedly sent it, using a phone number you can verify as theirs, not one that might be contained in the email. Confirm that this person has in fact made the request,” CBS News reports.
More articles on cybersecurity:
CVS Caremark exposes patients’ HIV statuses via envelop windows
GAO: Federal efforts to curb use of SSNs see ‘limited success’
Kaleida Health reports 2nd phishing attack in 2 months
At the Becker's 11th Annual IT + Revenue Cycle Conference: The Future of AI & Digital Health, taking place September 14–17 in Chicago, healthcare executives and digital leaders from across the country will come together to explore how AI, interoperability, cybersecurity, and revenue cycle innovation are transforming care delivery, strengthening financial performance, and driving the next era of digital health. Apply for complimentary registration now.
