Tax Season Phishing: A Cautionary Tale

Broadview Heights Ohio
Wednesday, Sep 18, 2019
63°F

Business

Tax Season Phishing: A Cautionary Tale

February 01 2017
3 min

Joe,

Kindly send me the individual 2016 W-2s (PDF) and earnings summaries for all of our company staff for a quick review. This request is time-sensitive and confidential. I really appreciate your cooperation.

Thanks,

Dave Smith
Company CEO
www.company.com

Whether you’re often in communication with the upper execs at your company or not, the above request would sure get your heart pumping. That’s because you’re a conscientious employee who’s always ready to help.

But take caution: just as sure as you want to aid in properly handling your company’s tax filing, cybercriminals hope to exploit that eagerness. And they do, every year, prompting the IRS to disseminate advisories and PSAs. One specific fraudster tactic that continues to claim its proverbial pound has seen astronomical increase. Phishing attacks on U.S. taxpayers have skyrocketed some 400% in recent years, and there’s good reason why.

Following age-old “bait and hook” tactics, tax season’s phishing emails often lure potential victims with phony communications, generally from purported company executives or IRS reps. Accurate company and employee data pulled from online searches and social media profiles lends credence to scammer requests. Preying on employees’ readiness to quickly comply and assist, cybercrooks use vague subject lines—e.g. “Urgent,” “Transfer” or “Request”—to pique interest. Once opened, email contents quickly work on victims’ sense of duty, and suspicion takes a backseat.

Some common email topics that should set off an alarm bell:

Information regarding a tax refund
Warnings about unreported or under-reported income
Offers to assist in filing for a refund
Links to counterfeit e-file websites
Requests for personally identifiable information (PII) to be sent via email or entered online

Kudos if you recognize an email to be a scam—they’re often hard to spot. Yet even your eagle eyes and intuition may not be a match for the cybercriminal’s determination. At times, merely opening their fraudulent message launches malware or malicious attachments that infiltrate your system and steal valuable data. The threat holds true whether email is opened from a work-related or a personal account; if it’s within the company’s network, you could be putting mega amounts of sensitive data at risk.

The cautionary tales of companies who’ve fallen victim to W-2 phishing are sobering—there’s a lot to lose. Stolen PII is a hot commodity in underground markets, and one that doesn’t lose value. In fact, harvested data can be used to stage future attacks. And as IRS agent Phyllis explains, falling victim to a tax-related scam can result in dizzying real-world financial losses.

That’s a pretty brisk reality check. But enough bad news, how about a few solutions? We’ve got those too. Stay tuned to our various communication channels for ways to combat these smooth cyber operators.

Connect and Protect:
Facebook
Twitter
Blog

Wiring the Workplace: Grounding Your Cyber Culture

Tax Season Phishing: Peak Time for Big Game

Terms & Conditions

These Terms & Conditions govern your use of this website; your use of this website indicates your acceptance of these Terms & Conditions in full.

Kindly note that the information and content provided on this website does not constitute professional advice. Although we do our best to keep everything on this site correct and up-to-date, we do not guarantee the completeness or accuracy of any information provided on this website. Improvements and/or changes in the products, services and/or programs described on this website may be made at any time without notice. We must also advise that hypertext links to other websites do not constitute an endorsement, nor do we guarantee any information provided by those sites.

While we do love when users share what they find on our website, it may be used or shared only for personal purposes. The information and content provided on this website is owned or licensed by Zinc, and should not be used or disseminated for any profit or gain.

While using this website, please be aware that no insurance coverages can be bound and no amendments, supplements, or modifications can be added to your policy, new or existing, unless and until you have received a written binder from us or your insurance company.

For users outside of the US: We make no claims that the content on this web site is appropriate or may be downloaded outside of the United States. If you access the site from outside the United States, you do so at your own risk and are responsible for compliance with the laws of your jurisdiction.

Even though we work hard to ensure the security and safety of our website and its users, we cannot and do not guarantee that this website will operate error-free, nor that this website and its server are without computer viruses or other harmful material. If your use of this website or material from it results in any costs or expenses, we will not be responsible for those costs or expenses. This website and its materials are provided without any warranties of any kind, to the fullest extent permitted by law.

Please bear in mind that we will not be liable for any losses or damages arising under these Terms & Conditions or in connection with this website, whether arising in tort, contract, or otherwise – including, without limitation, any loss of profit, contracts, business, goodwill, data, income, revenue or anticipated savings.

Finally, if for any reason any portion or provision of these Terms & Conditions is ruled to be unenforceable, that provision will be enforced to the maximum extent permissible so as to affect the intent of the Terms & Conditions, and the remainder of the Terms & Conditions will continue in full force and effect.

Request a Quote