March 31, 2017 • Published by Steve Robb
Endpoint Security • Security Awareness • Social Engineering
Historically speaking, tax season is prime for tax-themed scams and social engineering attacks. Specifically, the number of W-2 tax phishing scams have peaked recently. Attackers and social engineers begin by targeting finance and HR departments with spear phishing emails that spoof C-level executives and request employee W-2 forms.
Recently, a cybersecurity firm fell victim to a W-2 phishing scam and had to inform its employees that their W-2 tax data had been compromised.
Fraudsters, cyber crooks and the rest of the Internet bad guys are using a variety of social engineering techniques related to different scenarios associated with tax filing. Organizations from the IRS to Microsoft are distributing warnings and self-help documentation to help prepare the public for the upcoming bombardment of threats associated with tax phishing.
Awareness remains the best defense against social engineering attacks. Stay aware and be cautious when opening suspicious emails, even if they appear to have come from someone you know. Email addresses can be easily spoofed. Avoid opening attachments or clicking on embedded links. And, if you're still concerned, delete the email and alert your IT department.
Learn more about how to protect your business from social engineering attacks by viewing our popular webinar, "Social Engineering: Hacking into the Human Mind."