W-2 Fraud – Tax Season and All Year Long

Share Now

Facebook
Twitter
LinkedIn

It’s the time of year when Taxes are on everyone’s mind – especially Phishers!

The stress of filing.  The stress of gathering all the documents.  The stress of reporting.  The stress of the deadline.  All of that on top of everything else you have to do this time of year makes tax time phishing a favorite and highly successful annual event for phishing scams. However, once the filing is completed, it doesn’t mean the campaigns will stop.  W2 and CEO fraud are timeless phishing campaigns that run all year long.

Whether aimed at individuals or businesses, tax time phishing scams and W2 fraud are in high season now.  Some of the simplest requests come through as CEO fraud-type requests without a link or a payload to be delivered and others come through as links to spoofed forms asking for data input.

The below email pretends to be sent from the “CEO” of the customer company to the VP of Finance who used PhishMe Reporter to send it to PhishMe Triage to be further analyzed.

The example below is another form of the same attack.

Phishing threat actors have enjoyed a great success using W-2, BEC, and CEO fraud attacks and we can expect that this trend has only begun. The risks associated with lost data, lost funds, and public disclosure following these successes are very real but not insurmountable and not preventable. Instead, organizations can leverage a holistic phishing defense strategy by doing a few things proven to stop attackers from succeeding.

  • Condition and empower the people in your organization to recognize and report phishing attempts
  • Arm your information security professionals to quickly research and respond to threats with the most actionable threat intelligence and incident response platforms—whether in-house or through a service like PhishMe’s Managed Triage.

Stay clear of phishing threats – sign up for our complimentary PhishMe Threat Alerts, delivered straight into your inbox in real-time and at no cost to you.

Search

We use our own and third-party cookies to enhance your experience by showing you relevant content, personalizing our communications with you, and remembering your preferences when you visit our website. We also use them to improve the overall performance of our site. You can learn more about the cookies and similar technology we use by viewing our privacy policy. By clicking ‘Accept,’ you acknowledge and consent to our use of all cookies on our website.

This site is registered on wpml.org as a development site.