FBI Warns of Spike in W-2 Phishing Campaigns

A recent FBI public service advisory warned of an increase in reports of compromised or spoofed emails involving W-2 forms.

The Federal Bureau of Investigation is warning businesses about a spike in phishing campaigns requesting W-2 information from payroll personnel.

In a recent security advisory the FBI warned it has seen an increase since January in reports of compromised or spoofed emails involving W-2 forms. These emails, coming during the IRS’s tax filing season, can put staffers’ social security numbers and other important personal information at risk, it said.

“This scam is just one of several new variations of IRS and tax-related phishing campaigns targeting W-2 information, indicating an increase in the interest of criminals in sensitive tax information,” said the FBI’s advisory.

The FBI said recent scams include attackers impersonating an executive from inside a targeted organization that seeks to obtain W-2 information from an HR professional.

Separately, the Internal Revenue Service warned of similar W-2 -related phishing attacks in a January advisory. “The Form W-2 scam has emerged as one of the most dangerous phishing emails in the tax community,” the IRS noted.

In several reported cases to the IRS, after the fraudsters acquired the workforce information, they immediately followed up with a request for a wire transfer. Because of the nature of these scams, the IRS said that some businesses and organizations did not realize for days, weeks or months that they had been scammed.

“As all threats do, these W-2 scams continue to evolve, and we’ll see a ramp up in a major way from when people expect to receive their W-2s up until tax day in April,” Troy Gill, Manager of security research at AppRiver, told Threatpost. “Precautions start with just basic best practices and hygiene in terms of email security. It goes a long way to just get in the practice of not opening an attachment from an unknown sender.”

One safeguard for businesses is to maintain a file, preferably in non-electronic form, of vendor contact information for those who are authorized to approve changes in payment instructions, suggests the FBI. Businesses can also delay any transactions until additional verifications can be performed – including having staff wait to be contacted by the bank to verify the wire transfer.

Phishing scams related W-2 information have been increasing overall – according to the IRS. Reports regarding this particular scam from both victims and non-victims jumped to approximately 900 in 2017, compared to slightly over 100 in 2016. The IRS also said that in 2017, more than 200 employers were victimized, “which translated into hundreds of thousands of employees who had their identities compromised.” 

Suggested articles