Thursday, 23 February 2017

The Southbourne Tax Group: Beware the Latest Tax-Season Spear-Phishing Scam

You may have heard of the CEO scam: that's where spear-phishers impersonate a CEO to hit a company for sensitive information.

That's what happened to Snapchat, when an email came to its payroll department, disguised as an email from CEO Evan Spiegel and asking for employee payroll information.

Snapchat's payroll department fell for it. Ouch.

Here's a turn of the same type of screw: the Internal Revenue Service (IRS) last week sent out an urgent warning about a new tax season scam that wraps the CEO scam in a W-2 scam, then adds a dollop of wire fraud on top.

A W-2 is a US federal tax form, issued by employers, which has a wealth of personal financial information, including taxpayer.

This new and nasty dual-phishing scam has moved beyond the corporate world to target nonprofits such as school districts, health care providers, chain restaurants, temporary staffing agencies and tribal organizations.

As with previous CEO spoofing scams, the crooks are doctoring emails to make the messages look like they're coming from an organization's executive. Sending the phishing messages to employees in payroll or human resources, the criminals request a list of all employees and their W-2 forms.

The scam, sometimes referred to as business email compromise (BEC) or business email spoofing (BES), first appeared last year. This year, it's not only being sent to a broader set of intended victims; it's the first time.

In a new twist, this year's spam scamwich also features a follow-up email from that "executive", sent to payroll or the comptroller, asking for a wire transfer to a certain account.

The wire transfer scam is not tax-related: it's just hitching a ride on the tax-related W-2 scam. Some companies have been swindled twice: they've lost both employees' W-2s and thousands of dollars sent out via the wire transfers.
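A mail-triage check for the two-stage pattern described above (an "executive" asking payroll for W-2s, then asking for a wire transfer), as an added example that is not part of the original post. The domain, executive name, keyword lists, flag names and sample messages are constructed assumptions, and the Reply-To comparison is a common BEC indicator the article does not itself mention.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.org"      # assumption: the organization's own mail domain
EXECUTIVES = {"pat example"}    # assumption: executive display names, lowercased
W2_TERMS = ("w-2", "w2")
WIRE_TERMS = ("wire transfer",)

def domain_of(header_value):
    """Return the lowercased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return the list of BEC indicators found in one plain-text message."""
    msg = message_from_string(raw)
    name = parseaddr(msg.get("From", ""))[0].strip().lower()
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To")) or from_dom
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    flags = []
    if name in EXECUTIVES and from_dom != ORG_DOMAIN:
        flags.append("exec-name-external-sender")   # executive's name, outside address
    if reply_dom != from_dom:
        flags.append("reply-to-mismatch")           # replies are diverted elsewhere
    if any(t in text for t in W2_TERMS):
        flags.append("w2-request")
    if any(t in text for t in WIRE_TERMS):
        flags.append("wire-request")
    return flags

def should_hold(raw):
    """Hold for out-of-band confirmation: a spoofing sign plus a sensitive request."""
    f = set(triage(raw))
    spoofed = f & {"exec-name-external-sender", "reply-to-mismatch"}
    return bool(spoofed and f & {"w2-request", "wire-request"})

# Constructed sample messages (reserved example domains only).
W2_LURE = ('From: "Pat Example" <pat.example@examp1e-mail.test>\n'
           "To: payroll@example.org\nSubject: Employee W-2 forms\n\n"
           "Please send me the list of all employees and their W-2 forms today.\n")
WIRE_FOLLOWUP = ('From: "Pat Example" <pat.example@example.org>\n'
                 "Reply-To: pat.example@mail-example.test\n"
                 "To: comptroller@example.org\nSubject: Urgent payment\n\n"
                 "Please arrange a wire transfer to the account below.\n")
ROUTINE = ('From: "Pat Example" <pat.example@example.org>\n'
           "To: payroll@example.org\nSubject: Lunch\n\nTeam lunch on Friday.\n")

if __name__ == "__main__":
    for label, raw in (("w2", W2_LURE), ("wire", WIRE_FOLLOWUP), ("routine", ROUTINE)):
        print(label, triage(raw), "HOLD" if should_hold(raw) else "deliver")
```

A held message should be confirmed with the executive through a separate channel, such as a phone call to a known number, before any W-2 data or payment is sent.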

The WS scam is the first W3 scam to be used in the W2 scam.

If your business has already fallen for the scam, it can file a complaint with the Internet Crime Complaint Center (IC3), operated by the FBI. Employees whose W-2 forms have been stolen by the Federal Trade Commission or the IRS identity theft.

The IRS says that employees should also file a Form 14039 Identity Theft Affidavit (PDF) if their own tax returns get rejected because of a duplicate Social Security number or if instructed to do so by the IRS.

How to sidestep the scam

But before you know what you're doing, you'll be able to do it.

Unfortunately, that's getting tougher as crooks get more and more cunning. Case in point: the carefully crafted, well-disguised attack that led to the hacking of Clinton's campaign chair John Podesta's Gmail account. The attack relied on a shortened.

Screenshots of the Bitly link used against this posting, but it's not the same.

One step can protect against phishing attacks. Even though strong passwords do not help if you're phished (the crooks get the strong password anyway), they make it much harder for crooks to guess their way in.

Use two-factor authentication when you can. That way, even if the crooks phish your password once, they cannot keep logging back into your email account.

So, consider using Sophos Home. The free security software for Mac and Windows blocks malware and keeps you away from risky web links and phishing sites.
