Here at ePlace, we’ve previously reported on spear-phishing attacks commonly referred to as the CEO Scam. But with tax season in full swing, cyber criminals are using that cover to steal personal information from HR departments.
The attack is a twist on the traditional CEO Scam that requests wire transfers from the finance department. Cyber criminals use the same technique of spoofing the CEO’s email to make it seem like the request is coming from the high-ranking executive. The spoofed email is sent to the human resources or payroll department and usually asks for W-2 forms. Too often, employees are getting tricked and sending the information along to the phony CEO.
The IRS issued an alert about the attacks because companies of all sizes and industries have reported receiving these phishing emails. Snapchat has also publicly announced falling victim to the scam. Criminals are targeting W-2 information for tax refund fraud. They claim a large refund on behalf of the victim and have the funds deposited in an account under their control.
Companies need to warn their HR and payroll departments about this particular attack. Any email request asking for personal information like W-2s needs to be verified through direct contact with the sender.
Examples of requests to keep an eye out for in these phishing emails include:
- Kindly send me the individual 2015 W-2 (PDF) and earnings summary for all W-2 of our company staff for a quick review.
- Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
- I want you to send me the list of W-2 copy of employees’ wage and tax statements for 2015. I need them in PDF file type. You can send it as an attachment. Kindly prepare the lists and email them to me asap.
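As an added illustration (not part of the original post), a mail-gateway style check can hold messages like these for verification by direct contact with the sender. The company domain, executive name, sample messages and the Reply-To heuristic are assumptions made for this sketch; the phrase list is drawn from the example requests above.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration only; replace with your own directory data.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
# Phrases taken from the example requests listed in this post.
PII_RE = re.compile(
    r"\bw-?2s?\b|wage and tax statements?|earnings summary|"
    r"social security number|date of birth|list of employees", re.I)

# Constructed sample messages (not real traffic).
SPOOFED = """\
From: Jane Doe <jane.doe@example.com>
Reply-To: Jane Doe <ceo.office@mail.example.net>
To: payroll@example.com
Subject: W-2 review

Kindly send me the individual 2015 W-2 (PDF) and earnings summary for all staff.
"""
BENIGN = """\
From: Sam Lee <sam.lee@example.com>
To: payroll@example.com
Subject: Lunch schedule

Can we move the team lunch to Thursday?
"""

def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def assess(raw):
    """Return the reasons a message should be verified out of band."""
    msg = message_from_string(raw)
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    text = msg.get("Subject", "") + "\n" + "\n".join(str(p.get_payload()) for p in parts)
    if not PII_RE.search(text):
        return []
    reasons = ["requests employee tax or personal data"]
    if parseaddr(msg.get("From", ""))[0].strip().lower() in EXECUTIVES:
        reasons.append("sender display name is an executive")
        if domain_of(msg.get("From")) != COMPANY_DOMAIN:
            reasons.append("From address is outside the company domain")
    reply_to = msg.get("Reply-To")
    if reply_to and domain_of(reply_to) != domain_of(msg.get("From")):
        reasons.append("Reply-To domain differs from From domain")
    return reasons

if __name__ == "__main__":
    print(assess(SPOOFED))
```

A non-empty result is a prompt to confirm the request with the executive directly, not proof of fraud; a forged From header with no Reply-To will only trip the first two checks.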