Tax season ramps up W-2 phishing scams February 09, 2017
The Internal Revenue Service (IRS) recently issued an urgent alert regarding a dangerous W-2 phishing scam that is targeting employers across a wide variety of sectors, including everything from businesses to schools to tribal organizations. Not only is this type of fraud becoming widespread, there is a unique twist to this scheme, designed to further compound the potential injury. After fraudulently obtaining the W-2 information, scammers send an immediate follow-up requesting a wire transfer of funds. When a company falls victim to this scam, not only do their employees face the possibility of tax fraud from the stolen W-2 forms, but the company also loses funds from the fraudulent wire transfer. It is a double whammy, and according to the IRS, it has already affected hundreds of organizations.
Scams related to tax forms are not a new problem – in fact, the IRS has been warning businesses and consumers alike for several years of criminal efforts to acquire employee information in order to hijack tax refunds (among other frauds). At its core, this latest scheme is a targeted phishing scam that employs social engineering techniques to deceive the recipient into thinking the requests are valid by using specific, credible information about the sender. In this case, the scammer sends a legitimate-looking email (usually from the CEO or other executive of the company) to HR, payroll, or accounting. The email typically heightens the recipient’s sense of urgency to ensure quick action, and it is proving to be quite effective.
There are a few basic guidelines that can help employees spot a scam
Any email directing an employee to violate standard policies and procedures for information sharing is a red flag that could indicate it is a phishing email.
Any email that directs someone to send or share sensitive information – passwords, W-2 forms, employee personally identifying information (PII) – through an external website, phone number, or email
address is a major red flag.
Scammers’ requests for information are not isolated to email – they could use a phone call or a fax. The same rules apply; be wary of any request for sensitive information or wire transfer that is
unusual, urgent, or does not follow regular policies or procedures.
Best practices for fighting W-2 and wire transfer phishing attempts
Require employees to independently verify any type of request for sensitive information that does not follow regular procedures. At a minimum, they should be directed to call their internal
colleague (or the vendor or bank, if it is an external request) directly to confirm the request.
When the IRS issues an alert or when scams like these are reported in the media or through industry bulletins, convey that information to employees immediately so they understand what social
engineering attacks look like and can spot them more quickly.
Insist employees report any phishing attempt — whether by email, phone, or fax — as a security incident. The attempt should be escalated according to policy, usually to the company’s security
management team. Just making everyone aware that an attack was attempted can help employees stay alert.
Provide regular employee training on policies and procedures for secure data handling to ensure they understand the process. Stress that senior executives will never make requests that deviate from
these policies and procedures.
Finally, it is important to keep in mind that while this particular phishing scam is targeting employees in HR or payroll, no department is immune. Phishing scams can easily hit a broad range of people in an organization. In many cases, email scams contain malware disguised as a simple file attachment or document link. Clicking on them infects the company’s computer system, giving the scammer access to sensitive information, user credentials, etc., to perpetrate all sorts of fraud.
With proper training and robust protocols governing data sharing, your employees can gain the knowledge needed to quickly detect and escalate these attempts to steal organizational information or funds. Educated employees who are on alert to fraud are your first — and often best — line of defense against cyber criminals.
Read More Stories Like This
Cyber SecurityInvestigations
North America
Brian Lapidus Practice Leader, Identity Theft and Breach Notification Practice
Brian Lapidus is a Practice Leader of the Identity Theft & Breach Notification (ITBN) based in Kroll’s Nashville office. Brian helps clients and their advisors, including boards of directors, legal counsel and insurance providers, resolve the myriad complex issues resulting from a data breach.
Read More
[Brian Lapidus]
Subscribe
No related items or featured insights found.
Contact Us
Contact Us
Call Us
General questions or inquiries?
+1 800.675.3772
Need help right away?
+1 212.593.1000
Email Us
Send us a message and we'll get back to you.
Send an email
Talk to an Expert
Want to talk to an expert directly?
Find an Expert
Media Contacts
Subscribe
Sign up for our email newsletters
Email Address Submit
How We Help
What We Do
Who We Are
Intelligence Center
Client Login
Twitter
LinkedIn
Youtube
Facebook
Google+
Site Map
Privacy Policy
State Licensing
Terms of Use
Cookies Policy
Code of Conduct
Subscribe
Copyright © 2017 Kroll All Rights Reserved.
Books Shop
Henry Ekechukwu speaks to Alexander Booth and Mark Simmonds about Kroll’s activities in Kenya
April 27, 2016 - kroll.com
Alexander Booth] Alexander Booth
On a recent trip to Nairobi, Mark Simmonds, Senior Consultant, Kroll and Alexander Booth, Associate Managing Director, Kroll spoke to Henry Ekechukwu about Kroll’s activities in the Kenyan market, and the type of work the company has been involved with across Africa for the past 20 years.
Kroll has developed strong relationships with clients in the region, providing due diligence, market entry and compliance support, helping investors understand the compliance and governance standards of their acquisition targets and joint venture partners.
Alexander and Mark highlight a number of key topics including:
Trends they are seeing in East Africa
Challenges being faced by investors interested in Kenya and East Africa
Dealing with regulatory and compliance challenges
Macroeconomic pressures over the last 12-18 months
Mark and Alexander discuss the obligations of Kenyan companies to keep their customer’s data safe and the growing importance of cyber security. The digitalisation of the Kenyan economy presents huge opportunity to investors.
Subscribe
Subscribe to receive the latest updates on trends and developments in risk prevention, response and remediation.
Sign Up
Related Tags
EMEA
Investigations
Featured Insights
2016 Anti-Bribery and Corruption Benchmarking Report
Kroll Global Fraud & Risk Report 2016/17
Contact Us
Contact Us
Call Us
General questions or inquiries?
+1 800.675.3772
Need help right away?
+1 212.593.1000
Email Us
Send us a message and we'll get back to you.
Send an email
Talk to an Expert
Want to talk to an expert directly?
Find an Expert
Media Contacts
Subscribe
Sign up for our email newsletters
Email Address Submit
How We Help
What We Do
Who We Are
Intelligence Center
Client Login
Twitter
LinkedIn
Youtube
Facebook
Google+
Site Map
Privacy Policy
State Licensing
Terms of Use
Cookies Policy
Code of Conduct
Subscribe
Copyright © 2017 Kroll All Rights Reserved.
7 Legal Tips for Working Parents
Managing a career while raising a family can present difficult challenges for many parents. These tips are designed to help working parents understand the laws that apply to time away from work and make the right decisions about benefits. Call your LegalShield provider law firm if you have any legal questions.
- Family and Medical Leave Act (FMLA) – In the United States FMLA allows eligible employees to take a total of 12 workweeks of unpaid job-protected leave, in a 12-month period, for
the birth or adoption of a child or to care for a sick child, spouse or parent. FMLA also allows 12 workweeks for you to recover from a serious illness that leaves you unable to perform essential
functions of your job. Eligibility is based on how long you have worked for your employer and the number of workers they employ. Learn more about FMLA by reading the U.S. Department of Labor fact sheet. Additional benefits are available for families of injured service members. Some states mandate protections that
exceed FMLA standards. Click here to learn more or contact your LegalShield provider law firm.
- Employment Standards in Canada – In Canada employee leave is regulated by province or territory. Click here to learn more about the laws where you live or contact your LegalShield provider law firm.
- Know Your Employer’s Leave Policies – Some policies may be governed by state, federal or provincial law while others may be at the discretion of your employer. When considering a
new job, ask to review the leave and time away from work policies. Additional leave time, the way leave is calculated or the ability to work from home may be an extra incentive for working
parents.
- Review Health Coverage – Examine the costs and exclusions included in your health insurance plan. Adding a child or multiple children may be expensive. If both parents have
employers offering insurance it is important to look beyond the monthly premium. How much are copays, deductibles and out-of-pocket maximums? Expectant parents should also understand the
potential costs of labor and delivery and save accordingly.
- Purchase Life Insurance – Life insurance is often more affordable when purchased through an employer. In most cases you cannot keep an employer sponsored policy when you leave.
Carefully examine all of the options available and consider how much your children would need if something were to happen to you. It may be beneficial for women planning a pregnancy to purchase life
insurance before becoming pregnant. Some health issues that may arise during or after pregnancy could affect the cost or ability to purchase insurance.
- Consider Short- and Long-Term Disability Insurance – Working mothers should prepare for maternity leave by purchasing short-term disability insurance to cover any unpaid portion
of their leave. This insurance generally needs to be purchased before becoming pregnant so plan accordingly. Long-term disability insurance is every bit as vital as life insurance. An extended
illness can be financially devastating. Before you sign up for any insurance have your LegalShield provider law firm review the terms.
- Savings – It is important to save first for emergencies. Once you have enough savings to cover one to two months without income you should begin saving for your children’s education. There are multiple options for college savings such as prepaid tuition plans and tax-advantaged savings plans. Examine all of your options to find out which plan is best for your family. Your LegalShield provider law firm can help you understand the terms and legal ramifications involved in saving for college.
PR News Wire SpaceDaily.com Widget Page
The content herein, unless otherwise known to be public domain, are Copyright 1995-2017 - Space Media Network. All websites are published in Australia and are solely subject to Australian law and governed by Fair Use principals for news reporting and research purposes.
Play free games at Kongregate
Play free games at Kongregate
Give Life - Red Cross PSA from Eric Dies on Vimeo.