As the U.S. tax season winds down, a worrying new cyber threat has emerged that every company needs to be aware of.
Criminals are now aiming to steal employees’ tax information by impersonating their employers.
Perpetrators have successfully pulled off this scam at companies such as Weight Watchers International and Seagate Technology PLC -among others- causing the IRS to issue an alert about the danger at the beginning of April.
This new scam can cause a lot of potential problems, including affecting victims for years to come and delaying tax returns for all employees at targeted companies, as extra checks are put in place.
The attack is a version of the straightforward and efficient Phishing scheme.
An email, purporting to come from a senior executive of an affected company, is sent from a false email address that looks real. The email asks HR or other departments to forward employees’ W-2 forms or tax related information.
The recipients, believing the email to be genuine, either forward it to staff who reply directly, or collect the requested information and send it back.
The collected tax data is then sold on the black market where it’s used to complete fraudulent tax returns and claim refunds. As the W-2 forms include employees’ Social Security numbers, along with their addresses, salaries, and other personal information, they can also be used for identity theft.
At least 50 companies have reported being victims of the attack this season, according to tax officials, and criminals have targeted all sizes of businesses.
How to protect your employees
The first thing to do is alert your staff to the danger, warn them to be vigilant and try to ensure that they don’t answer suspicious-looking emails or messages from unverified addresses.
Of course, in a busy office with hundreds of emails being sent every day, it’s possible for a well written and executed Phishing attack to still slip through, despite the best efforts of your employees.
In addition to educating your workforce, an excellent second line of defence is to use employee monitoring software.
Monitoring software can be installed remotely onto all of your employees’ devices and can be used to monitor all activity, from the applications and websites used, to all communications and files accessed.
The software can even be customized to alert managers if specific keywords, such as Tax or W-2, are found, or used in any email or IM messages. The manager can then check the message to ensure it’s legitimate before being sent around the company and causing damage.
It’s a great way to see if there is any unusual activity and prevent hacks.
Do you know anyone that’s been affected by a tax scam? Or – do you know of any other solutions for preventing this type of scam from happening?
Let us know in the comments!