[BreachExchange] Why are companies falling for the W-2 scam?

Audrey McNeil audrey at riskbasedsecurity.com
Mon Feb 27 18:34:04 EST 2017


http://www.indystar.com/story/news/crime/2017/02/27/why-companies-falling-w-2-scam/98347144/

The IRS warned businesses a year ago that companies nationwide had been
falling for a nasty scam targeting W-2 tax forms.

The W-2 phishing scam has sucked in an increasing number of victims since
that 2016 alert, including at least four employers in Indiana.

In Indianapolis, information for employees of Scotty's Brewhouse, Monarch
Beverage Co. and American Senior Communities was handed over to the
criminals. In Elkhart, Patrick Industries, maker of laminate panels,
granite countertops and other construction products, also fell prey to the
W-2 scam.

Betsy Isenberg, director of the Indiana Attorney General's Consumer
Protection Division, said a Central Indiana school received the phishing
email but didn't take the bait. Instead, Isenberg said the school notified
the Attorney General's office.

In the four data breaches, the information of thousands of Indiana
employees has been compromised. The identity thieves typically use the W-2
information to file fraudulent tax returns.

Why have these thieves been so successful?

The bad guys have done their homework. They research their victims and make
the email requests for the data appear legitimate.

"This is a new twist on an old scheme using the cover of the tax season and
W-2 filings to try tricking people into sharing personal data," IRS
Commissioner John Koskinen said in a March 1, 2016, news release.

Isenberg, of the Indiana Attorney General's office, said these thieves are
more sophisticated than most.

"It's not like some of the spam emails people receive," Isenberg said.
"These are being masked very, very well."

The email looks like it was sent by the chief executive officer or another
high-ranking company official, according to the IRS. It asks an
unsuspecting worker in payroll, accounting or human resources to reply and
attach W-2 tax forms for all employees.

One email, according to the IRS, said: "Kindly send me the individual 2016
W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick
review."

Another said: "I want you to send me the list of W-2 copy of employees wage
and tax statement for 2016, I need them in PDF file type, you can send it
as an attachment. Kindly prepare the lists and email them to me asap."

Most bosses won't ask for this kind of information to be sent via email,
according to the experts.

"If your CEO appears to be emailing you for a list of company employees,
check it out before you respond," Koskinen said.