Tax season is upon us. Companies have distributed their employees' W-2 forms and other tax-related information to prepare for filing. However, cyber criminals are taking advantage of this time to work out ways to steal your sensitive information and hard-earned tax refunds. Don't fall victim to W-2 scams!
Why the W-2 form?
The W-2 tax form is a responsibility of every employer engaged in a trade or business that pays for services performed by an employee. Nearly every employee in the United States receives one of these each year. These W-2 forms detail the employee's name, address, Social Security Number, wages, tax deductions, and other personal information. Cybercriminals and tax scammers want this information so they can steal your identity, file fraudulent tax returns, or sell it on the dark web. With your W-2 in hand, these criminals can generate multiple streams of income from a single identity.
Recent research found that personally identifiable information (PII) scams represent approximately 12% of all email attacks studied for this Barracuda Threat Spotlight on Business Email Compromise (BEC). These scams are often directed at departments like Human Resources, Finance, and Payroll because they have access to tax information.
W-2 scams do not represent a large segment of email-borne threats, but they are very effective, and the number of people reporting this attack continues to grow. The Internal Revenue Service reports that more than 200 employers were victimized in 2017. This translates into hundreds of thousands of employees who had their identities compromised.
These attacks typically follow the same pattern with three distinct steps.
W-2 scams are a form of Business Email Compromise attack where the criminals impersonate executives or other business authorities to request W-2 forms. Scammers will often use domain spoofing or display name spoofing in their attempt to impersonate. These attacks may also originate from already compromised email accounts, making them even more difficult to detect with traditional email security.
These attacks contain requests for W-2 forms and often include a sense of urgency to put additional pressure on the recipient. Most W-2 email scams contain no malicious attachments or URLs and come from high reputation senders. Traditional email security that relies on blacklists, signatures, URL protection and sandboxing technologies will often miss this attack and allow delivery to a user’s inbox.
If the attack is successful, the data is sent to the criminal and will be used for identity theft, including fraudulent tax refunds. Because the data can also be sold on the dark web, the victim may suffer multiple incidents of identity theft. Organizations that discover W-2 scams often offer to pay for employees' identity theft protection services, incurring tens of thousands of dollars in unexpected costs.
Preventing this type of attack requires the right technology and user security training. Barracuda’s Total Email Protection provides a comprehensive email security platform that integrates with Office 365.
- Anti-phishing protection: deploy purpose-built technology that doesn’t solely rely on looking for malicious links or attachments. One approach that is shown to be effective uses machine learning to analyze normal communication patterns within your organization. This allows the solution to spot anomalies that may indicate an attack.
- Anti-spoofing: domain spoofing is one of the most common techniques used in impersonation attacks. DMARC authentication and enforcement can help stop domain spoofing attacks. DMARC reporting and analysis helps organizations to set enforcement. Barracuda Sentinel is a solution that makes DMARC easy.
- Account takeover (ATO) protection: artificial intelligence can be used to detect compromised accounts, alert recipients, assist in investigations, and more. This is essential to blocking attacks from the compromised account.
- Data Loss Prevention (DLP): the right set of technologies and business policies will block emails with W-2 forms from leaving the company. In addition, other information
- Proactive investigations: perform regular searches on delivered mail to detect emails related to W-2 forms. It is recommended to do this frequently during tax season.
- Advanced computer-based training: require security training before tax season for HR/Payroll/Finance to raise awareness of W-2 fraud and how to report potential attacks.
- Simulated attacks: employ phishing simulation to evaluate and identify users who are most vulnerable to attack.
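As an added illustration (not Barracuda's code) of the attack pattern described above and of the proactive mail searches recommended in the list: a small Python scorer that flags W-2 requests which also carry display-name spoofing, a Reply-To pointing at a different domain, or urgency language. The organization domain, executive names and both sample messages are constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed values for this example: the organization's own domain and the
# executives whose display names a W-2 BEC email would typically borrow.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john roe"}

W2_TERMS = re.compile(r"\bw-?2s?\b|\btax (?:forms?|documents?)\b", re.I)
URGENCY = re.compile(r"\b(?:asap|urgent(?:ly)?|immediately|right away|end of day|eod)\b", re.I)

def score_w2_request(raw_message: str) -> dict:
    """Return the BEC indicators found in one plain-text RFC 822 message plus a verdict."""
    msg = message_from_string(raw_message)
    display_name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    text = msg.get("Subject", "") + "\n" + msg.get_payload()

    indicators = []
    # Display name spoofing: an executive's name on a sender outside our domain.
    if display_name.strip().lower() in EXECUTIVES and from_domain != ORG_DOMAIN:
        indicators.append("display_name_spoof")
    # A Reply-To on another domain diverts the returned W-2s away from the apparent sender.
    if reply_domain and reply_domain != from_domain:
        indicators.append("reply_to_mismatch")
    if W2_TERMS.search(text):
        indicators.append("w2_request")
    if URGENCY.search(text):
        indicators.append("urgency")
    # Mentioning W-2s is normal in tax season; flag only when the request also
    # shows an impersonation signal or pressure to act quickly.
    flagged = "w2_request" in indicators and len(indicators) > 1
    return {"indicators": indicators, "flagged": flagged}

# Constructed sample: impersonated executive, external sender, diverted replies, urgency.
SCAM = """From: Jane Doe <jane.doe@mail-example.net>
Reply-To: jdoe-ceo@freemail.example
To: payroll@example.com
Subject: Urgent request

Can you send me the W-2s for all employees as PDF? I need them right away for a review.
"""
# Constructed sample: routine internal HR notice that merely mentions the W-2.
BENIGN = """From: HR Team <hr@example.com>
To: all-staff@example.com
Subject: 2023 W-2 forms available

Your W-2 is now available in the payroll portal. Please log in at your convenience.
"""
```

Run the scorer over mail already delivered to HR, Payroll and Finance mailboxes to surface candidates for review; it is a triage aid, not a replacement for the anti-phishing and DMARC controls listed above.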
After an attack
If you have fallen victim to a W-2 scam, immediately report the incident to the IRS here. Advise your employees and launch an internal investigation to find the extent of the breach. It’s possible that the W-2 scam is part of a larger attack that has gone undetected.
Identify all recipients of fraudulent emails and look for additional compromised accounts in the process. Remove the malicious emails as you find them, and update your security by adding the sender to your blacklist to block future attacks.
Re-post from Barracuda Networks Blog