Tax season ramps up W-2 phishing scams February 09, 2017

The Internal Revenue Service (IRS) recently issued an urgent alert regarding a dangerous W-2 phishing scam that is targeting employers across a wide variety of sectors, including everything from businesses to schools to tribal organizations. Not only is this type of fraud becoming widespread, there is a unique twist to this scheme, designed to further compound the potential injury. After fraudulently obtaining the W-2 information, scammers send an immediate follow-up requesting a wire transfer of funds. When a company falls victim to this scam, not only do their employees face the possibility of tax fraud from the stolen W-2 forms, but the company also loses funds from the fraudulent wire transfer. It is a double whammy, and according to the IRS, it has already affected hundreds of organizations.

Scams related to tax forms are not a new problem – in fact, the IRS has been warning businesses and consumers alike for several years of criminal efforts to acquire employee information in order to hijack tax refunds (among other frauds). At its core, this latest scheme is a targeted phishing scam that employs social engineering techniques to deceive the recipient into thinking the requests are valid by using specific, credible information about the sender. In this case, the scammer sends a legitimate-looking email (usually from the CEO or other executive of the company) to HR, payroll, or accounting. The email typically heightens the recipient’s sense of urgency to ensure quick action, and it is proving to be quite effective.

There are a few basic guidelines that can help employees spot a scam

Any email directing an employee to violate standard policies and procedures for information sharing is a red flag that could indicate it is a phishing email.
Any email that directs someone to send or share sensitive information – passwords, W-2 forms, employee personally identifying information (PII) – through an external website, phone number, or email address is a major red flag.
Scammers’ requests for information are not isolated to email – they could use a phone call or a fax. The same rules apply; be wary of any request for sensitive information or wire transfer that is unusual, urgent, or does not follow regular policies or procedures.

Best practices for fighting W-2 and wire transfer phishing attempts

Require employees to independently verify any type of request for sensitive information that does not follow regular procedures. At a minimum, they should be directed to call their internal colleague (or the vendor or bank, if it is an external request) directly to confirm the request.
When the IRS issues an alert or when scams like these are reported in the media or through industry bulletins, convey that information to employees immediately so they understand what social engineering attacks look like and can spot them more quickly.
Insist employees report any phishing attempt — whether by email, phone, or fax — as a security incident. The attempt should be escalated according to policy, usually to the company’s security management team. Just making everyone aware that an attack was attempted can help employees stay alert.
Provide regular employee training on policies and procedures for secure data handling to ensure they understand the process. Stress that senior executives will never make requests that deviate from these policies and procedures.

Finally, it is important to keep in mind that while this particular phishing scam is targeting employees in HR or payroll, no department is immune. Phishing scams can easily hit a broad range of people in an organization. In many cases, email scams contain malware disguised as a simple file attachment or document link. Clicking on them infects the company’s computer system, giving the scammer access to sensitive information, user credentials, etc., to perpetrate all sorts of fraud.

With proper training and robust protocols governing data sharing, your employees can gain the knowledge needed to quickly detect and escalate these attempts to steal organizational information or funds. Educated employees who are on alert to fraud are your first — and often best — line of defense against cyber criminals.

Read More Stories Like This

Cyber SecurityInvestigations
North America
Brian Lapidus Practice Leader, Identity Theft and Breach Notification Practice

Brian Lapidus is a Practice Leader of the Identity Theft & Breach Notification (ITBN) based in Kroll’s Nashville office. Brian helps clients and their advisors, including boards of directors, legal counsel and insurance providers, resolve the myriad complex issues resulting from a data breach.

Read More

[Brian Lapidus]
Subscribe

No related items or featured insights found.

Contact Us

Contact Us

Call Us

General questions or inquiries?
+1 800.675.3772

Need help right away?
+1 212.593.1000

Email Us

Send us a message and we'll get back to you.

Send an email

Talk to an Expert

Want to talk to an expert directly?

Find an Expert
Media Contacts

Subscribe

Sign up for our email newsletters

Email Address Submit

How We Help
What We Do
Who We Are
Intelligence Center
Client Login

Twitter
LinkedIn
Youtube
Facebook
Google+

Site Map
Privacy Policy
State Licensing
Terms of Use
Cookies Policy
Code of Conduct
Subscribe

Copyright © 2017 Kroll All Rights Reserved.

Henry Ekechukwu speaks to Alexander Booth and Mark Simmonds about Kroll’s activities in Kenya

April 27, 2016 - kroll.com

Alexander Booth] Alexander Booth

On a recent trip to Nairobi, Mark Simmonds, Senior Consultant, Kroll and Alexander Booth, Associate Managing Director, Kroll spoke to Henry Ekechukwu about Kroll’s activities in the Kenyan market, and the type of work the company has been involved with across Africa for the past 20 years.

Kroll has developed strong relationships with clients in the region, providing due diligence, market entry and compliance support, helping investors understand the compliance and governance standards of their acquisition targets and joint venture partners.

Alexander and Mark highlight a number of key topics including:

Trends they are seeing in East Africa
Challenges being faced by investors interested in Kenya and East Africa
Dealing with regulatory and compliance challenges
Macroeconomic pressures over the last 12-18 months

Mark and Alexander discuss the obligations of Kenyan companies to keep their customer’s data safe and the growing importance of cyber security. The digitalisation of the Kenyan economy presents huge opportunity to investors.

Subscribe

Subscribe to receive the latest updates on trends and developments in risk prevention, response and remediation.

Sign Up

Related Tags

EMEA
Investigations

Featured Insights

2016 Anti-Bribery and Corruption Benchmarking Report
Kroll Global Fraud & Risk Report 2016/17

Contact Us

Contact Us

Call Us

General questions or inquiries?
+1 800.675.3772

Need help right away?
+1 212.593.1000

Email Us

Send us a message and we'll get back to you.

Send an email

Talk to an Expert

Want to talk to an expert directly?

Find an Expert
Media Contacts

Subscribe

Sign up for our email newsletters

Email Address Submit

How We Help
What We Do
Who We Are
Intelligence Center
Client Login

Twitter
LinkedIn
Youtube
Facebook
Google+

Site Map
Privacy Policy
State Licensing
Terms of Use
Cookies Policy
Code of Conduct
Subscribe

Copyright © 2017 Kroll All Rights Reserved.

7 Legal Tips for Working Parents

Managing a career while raising a family can present difficult challenges for many parents. These tips are designed to help working parents understand the laws that apply to time away from work and make the right decisions about benefits. Call your LegalShield provider law firm if you have any legal questions.

1. Family and Medical Leave Act (FMLA) – In the United States FMLA allows eligible employees to take a total of 12 workweeks of unpaid job-protected leave, in a 12-month period, for the birth or adoption of a child or to care for a sick child, spouse or parent. FMLA also allows 12 workweeks for you to recover from a serious illness that leaves you unable to perform essential functions of your job. Eligibility is based on how long you have worked for your employer and the number of workers they employ. Learn more about FMLA by reading the U.S. Department of Labor fact sheet. Additional benefits are available for families of injured service members. Some states mandate protections that exceed FMLA standards. Click here to learn more or contact your LegalShield provider law firm.
    
2. Employment Standards in Canada – In Canada employee leave is regulated by province or territory. Click here to learn more about the laws where you live or contact your LegalShield provider law firm.
    
3. Know Your Employer’s Leave Policies – Some policies may be governed by state, federal or provincial law while others may be at the discretion of your employer. When considering a new job, ask to review the leave and time away from work policies. Additional leave time, the way leave is calculated or the ability to work from home may be an extra incentive for working parents.
    
4. Review Health Coverage – Examine the costs and exclusions included in your health insurance plan. Adding a child or multiple children may be expensive. If both parents have employers offering insurance it is important to look beyond the monthly premium. How much are copays, deductibles and out-of-pocket maximums? Expectant parents should also understand the potential costs of labor and delivery and save accordingly.
    
5. Purchase Life Insurance – Life insurance is often more affordable when purchased through an employer. In most cases you cannot keep an employer sponsored policy when you leave. Carefully examine all of the options available and consider how much your children would need if something were to happen to you. It may be beneficial for women planning a pregnancy to purchase life insurance before becoming pregnant. Some health issues that may arise during or after pregnancy could affect the cost or ability to purchase insurance.
    
6. Consider Short- and Long-Term Disability Insurance – Working mothers should prepare for maternity leave by purchasing short-term disability insurance to cover any unpaid portion of their leave. This insurance generally needs to be purchased before becoming pregnant so plan accordingly. Long-term disability insurance is every bit as vital as life insurance. An extended illness can be financially devastating. Before you sign up for any insurance have your LegalShield provider law firm review the terms.
    
7. Savings – It is important to save first for emergencies. Once you have enough savings to cover one to two months without income you should begin saving for your children’s education. There are multiple options for college savings such as prepaid tuition plans and tax-advantaged savings plans. Examine all of your options to find out which plan is best for your family. Your LegalShield provider law firm can help you understand the terms and legal ramifications involved in saving for college.