Last year, prominent companies like Seagate and Snapchat felt the devastating impact of W-2 phishing schemes. Now, according to an alert from the IRS issued earlier in the tax season, not only has the tactic spread beyond the corporate world to other sectors, but fraudsters are coupling these efforts with an older wire-transfer scheme. These advanced social-engineering attacks are causing companies to lose employees’ valuable information and thousands of dollars.
According to Sophos’ Senior Security Advisor Chet Wisniewski, businesses should consider the following tips to avoid tax scams as we approach the final month of tax season:
- The IRS will never contact you for personal information or about tax-related matters via email. Any information or questions should be directed to the IRS website, or the toll-free numbers found on your tax forms.
- If you work in the Human Resources or Finance department of your company, you should be on the lookout for a new variety of scam targeting employees. Scammers are asking you to supply information related to the W-2 income reporting form that employers provide to employees around this time of year.
- Sophos often sees claims of free tax processing via e-file that are designed to gather your Social Security number. Stick with well-known services and never respond to email solicitations.
- Beware of documents containing macros. Sophos has seen an increase in the use of topical lures, such as tax filing, to infect victims with ransomware through booby-trapped Word and PDF documents.
- Prepare by implementing simulated phishing attacks to expose high-risk individuals within your company and, more importantly, to provide them with training before they’re faced with a real phishing attack.