Spear Phishing continues to be an issue for everyone, including government.
Today the Minnesota Department of Revenue issued a warning on spear phishing attempts aimed at payroll and HR departments. The scammers are spoofing company executives asking for copies of employee’s W-2 forms. The emails look authentic and during the busy tax season employees are more likely to just respond quickly and inadvertently release the forms to the cyber criminal.
Over 126,000 individuals were affected by spear phishing scam in 2016 and it looks like the perpetrators are doubling their efforts this year. What makes this attack to vicious is that W-2 forms contain most of the information necessary to steal that person’s identity. The missing pieces are not that hard to track down. Once someone loses control of their identity it can take years to repair the damage.
Don’t let this happen to you. You can stop these attacks by always being suspicious of emails and following the “Stop. Connect. Confirm.” process recommended by MN Revenue every time you’re asked for sensitive information:
Stop. Connect. Confirm.
- Stop – Stop for a moment before complying with the request and sending that information.
- Connect – Connect with the person who sent you the request by phone or by walking over to see them. Do not respond to the email to get confirmation of the sender’s identity. The sender may be a criminal who has disguised their identity by spoofing your colleague’s email address.
- Confirm – Confirm with the executive requesting the information that their request is legitimate.
We continue to blog about spear phishing as it continues to be a problem that is difficult to resolve. Feel free to review my business partner’s other recent posts on spear phishing cyber threats and 5 Ways to Spot Spear Phishing emails.
You can read the full bulletin here on W-2 Spear Phishing.
Written by:
James Matheson
President & Partner of Network Medics
Minnesota Business IT Consultant