W-2 Phishing Scams: Will They Affect You and How Can You Protect Yourself?

W-2 forms are an essential part of our working lives in the U.S. At the end of each year, a company will provide employees and the IRS with their W-2 form. The employee then uses this form to fill in their taxes. The W-2 form contains a lot of personal details, including annual wages, taxes withheld, the Employer Identification Number (EIN) and the employer’s state ID number. It also contains personal data such as employee name, address and Social Security number.

All of these data are like a carrot to a donkey in terms of attracting cybercriminals. And it is the desire for these data that has been the driver for the development of the W-2 scam.

W-2 scams are a form of identity theft that involves socially-engineered phishing techniques. Because of the intrinsic link with taxes, the scams usually happen around tax season; as such, W-2 scams have now become kind of annual ritual in the U.S.

What Exactly Is a W-2 Scam?

A W-2 scam is part of a general socially-engineered phishing campaign. The campaign’s aim is to get copies of employee W-2 forms, so they can be used to get access to monies, including tax returns.

The phishers use behavioral manipulation and trickery to ensure their phish is successful. The scam is often compared to a Business Email Compromise (BEC) scam because it is very similar in execution, only with the target item being the W-2 form rather than sequestering general company funds.

A typical W-2 scam would involve the following steps:

  1. The cybercriminal will choose an organization — usually one where there are enough employees to make the effort of surveillance and phishing worthwhile.
  2. They then carry out surveillance on the organization to identify a key executive-level worker, usually someone in HR or payroll.
  3. (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Susan Morrow. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/cpJVj0UgR0k/