In a W-2 scam, a cyberattacker sends an email to payroll or human resource departments while posing as one of the target organization’s executives. The cyberattacker then asks for a set of employees’ W-2 forms, which include identifying information such as Social Security numbers.
Roughly 200 businesses, public schools, universities, Native American governments and nonprofits were hit by W-2 scams during the most recent tax filing season, according to the government. In 2016, the government identified roughly 50 W-2 scams, according to CBS News.
To avoid a W-2 scam, the IRS recommended businesses alert employees with access to W-2 forms about the phishing trend.
“If you get a suspicious email, pick up the phone and call the person who purportedly sent it, using a phone number you can verify as theirs, not one that might be contained in the email. Confirm that this person has in fact made the request,” CBS News reports.
More articles on cybersecurity:
CVS Caremark exposes patients’ HIV statuses via envelop windows
GAO: Federal efforts to curb use of SSNs see ‘limited success’
Kaleida Health reports 2nd phishing attack in 2 months
