SCAM ALERT: Employee W2 Scam

An old email scam has taken a new twist this tax season. This new threat has the potential to cause a catastrophic security breach, and it only takes one employee making a common mistake.

We have written about emails that come from a CFO or President of a company requesting financial records, where the email address has one minor change.

This email scam has similar characteristics: it typically comes from an email address resembling that of the President or CFO of the company, with one or two characters changed so subtly that the difference is hard to spot. However, this request asks the recipient to send all active W-2s. Unfortunately, the email contains none of the common "red flags" such as links or attachments. This time it is just waiting for a user to reply.

If the recipient falls victim to this mistaken identity, then within a few short minutes they have emailed the personal information of all of their employees to someone outside of their company. This information includes each employee's full name and Social Security number.

How do we prevent this?

  • Pay attention to any email that is requesting any financial or personal information.
  • Before sending any information, follow up with the sender with a phone call to ensure that the request is legitimate.
  • Educate your staff on the importance of being vigilant.
  • Invest in an email monitoring system such as Reflexion to help mitigate the threat of email phishing scams.
  • Call a Hilltop Technical Consultant to discuss any threats or concerning emails that you may have received so they can confirm the security of your network.
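
A mail filter can catch the lookalike sender described above by comparing each From address with the executives' real addresses and checking whether the message asks for W-2s. The following is an added example, not code from Hilltop or Reflexion; the addresses, the `classify` function and its verdict names are assumptions, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: the real addresses of the President and CFO, kept by the mail admin.
EXECUTIVES = {"jane.doe@example.com", "sam.lee@example.com"}
W2_PATTERN = re.compile(r"\bw-?2s?\b", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(raw):
    """Return a verdict for one plain-text, single-part message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    asks_w2 = bool(W2_PATTERN.search(text))
    # Lookalike: one or two characters away from an executive address, not equal.
    lookalike = sender not in EXECUTIVES and any(
        edit_distance(sender, real) <= 2 for real in EXECUTIVES)
    if lookalike:
        return "quarantine" if asks_w2 else "lookalike-sender"
    # Any other W-2 request still gets a phone call before anyone replies.
    return "verify-by-phone" if asks_w2 else "ok"

# Constructed sample messages.
LEGIT = ("From: Jane Doe <jane.doe@example.com>\nSubject: Lunch\n\n"
         "Are we still on for noon?\n")
LOOKALIKE_W2 = ("From: Jane Doe <jane.doe@exarnple.com>\nSubject: Quick request\n\n"
                "Please send me all active W-2s today.\n")
REAL_W2 = ("From: Sam Lee <sam.lee@example.com>\nSubject: W2 copies\n\n"
           "Can you pull the W2 forms for the audit?\n")

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("lookalike", LOOKALIKE_W2), ("real", REAL_W2)]:
        print(name, "->", classify(raw))
```
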
Please contact Hilltop Consultants today to learn more about how you can protect yourself against phishing scams and other similar IT security threats.