Fresh FBI Warning Issued Following Spike in W-2 Phishing Campaigns

The Federal Bureau of Investigation has issued a fresh warning to businesses due to a significant rise in phishing attacks targeting payroll employees. The aim of the phishing attacks is to obtain copies of the W-2 forms of employees. Data on the forms is used for identity theft and tax fraud.

Last year saw record numbers of attacks on businesses, educational institutions, and healthcare organizations. In some cases, the W-2 form information of thousands of employees was emailed to scammers by payroll employees. The IRS reports that there were at least 200 businesses targeted and more than 900 complaints were received about tax-related scams.

The Internal Revenue Service’s Online Fraud Detection & Prevention division has been monitoring for phishing scams impersonating the IRS and has recorded a sharp increase in email scams. While some email scams have targeted consumers, businesses are most at risk.

Consumer-focused scams typically involve IRS-themed emails, whereas attacks on businesses typically see company executives and the CEO impersonated. The emails request copies of W-2 forms for employees who have worked in the past fiscal year.

The scammers typically research companies to identify the format of emails used, the name of the CEO and executives, and payroll and accounts department employees to target. Some scams involve spoofed email addresses, others have seen the emails accounts of executives compromised, adding legitimacy to the requests.

In many cases, once the attackers have obtained W-2 Form data a further request is sent requesting a wire transfer. Several organizations have fallen for these scams, which may not be detected for days, weeks, or months.

The email scams can be convincing and difficult to detect, especially when email accounts have been compromised. However, if basic security best practices are followed, risk can be minimized.

The FBI recommends:

  • Out of band authentication of all requests for copies of W-2 Form and tax-related information
  • Limiting the number of employees who have access to employee tax information and are authorized to make wire transfers
  • Implementation of procedures that require changes to bank account information of suppliers to be verified by phone with the telephone number taken from a contact list
  • Procedures requiring wire transfers over a set threshold to be subjected to more rigorous security checks, including verification by more than one member of staff
  • Dual approval of wire transfers for all new trading partners and for non-standard transactions, including transfers to overseas accounts
  • Delaying transactions to allow additional verifications to be performed

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.