ELEVATE YOUR HIPAA COMPLIANCE: Explore Our Enhanced Toolkit Today
Access Toolkit
Purchase Toolkit
Back to Blog

W-2 phishing season is here…again

As the tax season gets underway, you can bet that cyber criminals are doing their tax preparations for W-2 phishing; they’re preparing to dupe hundreds of payroll and HR departments into providing W-2 data on their employees. These scams will inevitably lead to the filing of fraudulent tax returns, other identity theft cases and class-action lawsuits against companies that fell for the scams in the first place.

“The bad guys are starting their tax scams early this season!” warns Stu Sjouwerman, founder and CEO of KnowBe4. He says that cyber criminals are now combining two scams-in-one. “First, they ask you to send them the W-2 forms of all employees, with the email looking like it comes from the CEO or a C-level executive. Next, they follow up with an urgent request to transfer a large sum of money to a bank account controlled by these cyber criminals.”

Be proactive and consider these tips:
1. Perform awareness training so your employees recognize when they’ve received a W-2 phishing email.
2. Implement a policy for your organization that no W-2 information will be requested via email.
3. Require that employees verify any and all email requests for W-2 information, even those that express an urgency in the message.

“Remember that when you receive sudden requests like this,” Sjouwerman says, “they may be spoofed emails and that you should double check by picking up the phone and verify that this is a legit request coming from that executive.”

Furthermore, take heed to announcements from the Internal Revenue Service, like the one last month where the IRS warned of an email scam that targeted Hotmail users and was being used to steal personal and financial information.

The subject line of that phishing email read: “Internal Revenue Service Email No. XXXX | We’re processing your request soon | TXXXXXX-XXXXXXXX”. The email led taxpayers to sign in to a fake Microsoft page and then asked for personal and financial information. While the IRS reported that the suspect websites associated with this particular scam have been shut down, taxpayers should be on the lookout for similar schemes.

Take note also that the IRS generally does not initiate contact with taxpayers by email to request personal or financial information. Check out the Tax Scams and Consumer Alerts page on IRS.gov for updates.

To find out how the HIPAA experts at PrivaPlan can assist you with awareness training, and the many other services we provide, contact us at info@privaplan.com or call 877-218-7707.

Related Posts

Recent Posts

Categories
Tags
AI Articles artificial intelligence Blog board Breach business associate CISO cyber risk cybersecurity cybersecurity awareness training electronic medical records email breach executive order Federal HIPAA Changes Final Rule health care health privacy HIPAA hipaa compliance HIPAA Training Meaningful Use Medicare multi-factor authentication OCR ONC passwords PHI phishing Policies & Procedures policies and procedures Privacy Quotes Ransomware Security Security Risk Analysis security training Service Technology Testimonials toolkit Training Materials two-step authentication website analytics website trackers

Get Started Today

Email us at info@privaplan.com or submit the form below:

Sign Up for Updates

Contact PrivaPlan

Telephone Sales & Support
505-466-1432  or
Toll Free: 1-877-218-7707
Fax: 505-466-3942

E-Mail Sales & Support
Customer Support: support@PrivaPlan.com
Sales: orders@PrivaPlan.com

Mailing Address:
PrivaPlan
5 Caliente Rd, Ste 3,
Santa Fe, NM 87508

© 2024 PrivaPlan Associates, Inc, all rights reserved.

FOLLOW US

Linkedin Envelope

Access PrivaPlan Toolkit

Click here to access

Access CMA-PrivaPlan Toolkit

Click here to access

Sign up for updates

  • Be Proactive In Compliance

Sign up. Learn about Compliance

Subscribe now for up-to-date information about privacy & security compliance! You’ll receive emails regarding news about compliance & alerts for new blog posts.