BEWARE: CEO Fraud And W-2 Phishing Scam Combined
The IRS warned that phishers started a new scam which is particularly nasty and dangerous. This scam combines CEO fraud (where email attacks spoof the CEO and a high-risk employee) and W-2 phishing (where scammers impersonate "the boss" asking for an employee to send their tax info). Per a new “urgent alert” issued by the U.S. Internal Revenue Service, internet criminals have now combined both schemes and at the same time are targeting a much wider range of organizations than ever before. The IRS urgent alert also said that scammers are targeting a much wider range of organizations in these W-2 phishing schemes, including school districts, healthcare organizations, chain restaurants, temporary staffing agencies, tribal organizations and nonprofits. People who are not required to file a return can still be victims of refund fraud, and even people who are not actually due a refund from the IRS.
“This is one of the most dangerous email phishing scams we’ve seen in a long time,” IRS Commissioner John Koskinensaid. “Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars.” W-2 phishing scams started in Feb last year, and caused lots of victims.
What should you do? Follow the advice of the folks at knowbe4.com, and send an email to all of your highest value and highest risk employees such as CEO, COO, Owners, Shareholders, Board Members, folks in accounting and IT, that says something like:
[ALERT] The bad guys are starting their tax scams early this season! They are now combining two scams-in-one. First, they ask you to send them the W-2 forms of all employees, with the email looking like it comes from the CEO or a C-level executive. Next, they follow up with an urgent request to transfer a large sum of money to a bank account controlled by these cyber criminals.
Remember that when you receive sudden requests like this, they may be spoofed emails and that you should double check by picking up the phone and verify that this is a legit request coming from that executive. In these cases, it's "OK to say NO to the CEO".
This tax season, stay alert for scams like this, and Think Before You Click!
Read the full post from KnowBe4.com for full details