By now, you’re probably very familiar with phishing scams. Every day, businesses have more and more malicious emails flooding their inboxes. Some are packaged with trojans, ransomware, or other malware, while others simply attempt to trick recipients in a Business Email Compromise (BEC) scam, in which the sender poses as a company executive to gain access to protected files.
These kinds of phishing attempts have grown exponentially over the past several years, and the numbers are scary. It’s currently estimated that more than 80% of all emails are spam.
What makes HR departments such an attractive target for phishing scams?
In short, Human Resources is rife with data. HR teams are responsible for recruiting talent, onboarding, benefits enrollment, and employee relations, and they are closely intertwined with payroll. This means that HR’s systems are filled with Personally Identifiable Information (PII) of company employees, contractors, and even applicants. Many HR professionals also have access to financial applications that work in tandem with payroll departments. These personnel records contain highly sensitive data that fraudsters are after when trying to breach company walls.
How does a W-2 phishing scam work?
All businesses and their employees are targets for W-2 scams. This malicious scheme has become one of the more dangerous email scams as it puts sensitive business information and employee PII in the hands of criminals. Here’s how W-2 phishing scams work:
- Cybercriminals send an email that appears to be from an executive or organization leader to a payroll or HR employee.
- The message begins with a simple greeting, such as “Hey, are you in today?” or “Can you help me with this?”, and leads to the criminal asking for all of the organization’s employee Forms W-2 to be sent over via email.
- It may take weeks for payroll or HR to realize a data theft has occurred.
- The cybercriminals will quickly take advantage of their theft, filing fraudulent tax returns before the employee can file them.
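A mail-filter check for the pattern in the steps above, as an added example that is not part of the original article: it flags a message that uses an executive's display name from an outside address, or a Reply-To on a different domain, and that also asks about W-2 forms. The organization domain, executive names, signal names, and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this sketch (constructed, not from the article).
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "sam lee"}          # display names to protect
W2_REQUEST = re.compile(r"\bw-?2s?\b", re.I)  # "W-2", "W2", "W-2s"
def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def _text(msg):  # plain-text parts only; transfer encodings are not decoded
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts if p.get_content_type() == "text/plain")

def w2_phish_signals(raw):
    """Return warning signals found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    signals = []
    # Executive display name on an address outside the organization.
    if name.strip().lower() in EXECUTIVES and _domain(sender) != ORG_DOMAIN:
        signals.append("exec-name-external-sender")
    # Replies would go to a different domain than the visible sender.
    if reply_to and _domain(reply_to) != _domain(sender):
        signals.append("reply-to-mismatch")
    if W2_REQUEST.search(msg.get("Subject", "") + "\n" + _text(msg)):
        signals.append("w2-request")
    return signals

def should_hold(raw):
    """Hold for out-of-band verification: W-2 request plus a sender anomaly."""
    signals = w2_phish_signals(raw)
    return "w2-request" in signals and len(signals) > 1
# Constructed sample messages.
SPOOFED = """\
From: "Jane Doe" <jane.doe@examp1e-mail.test>
Reply-To: ceo.office@mailbox.test
Subject: Quick request

Hey, are you in today? Please send me all employee W-2 forms by email.
"""
LEGIT = """\
From: "Jane Doe" <jane.doe@example.com>
Subject: Benefits enrollment reminder

Open enrollment closes Friday.
"""
```

A held message is a prompt to confirm the request with the executive through a separate channel before any payroll data leaves the organization.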
How does tax season impact your risk?
The threat of a phishing scam is always there, but especially so during the first three months of each year. Tax fraud is appealing to cybercriminals because, quite simply, it’s a very lucrative “business.” We know from customer and industry data that BEC scams continue to be on the rise, especially relating to the COVID-19 pandemic. In 2019, the Internet Crime Complaint Center (IC3) received more than 24,000 complaints of BEC scams, with losses topping $1.7 billion.
The time to protect your employees is now.
Regardless of what industry you’re in, make sure that your entire staff is prepared to recognize a phishing email – especially those in human resources and payroll. Put in place processes and procedures to protect yourself, your employees, and customers from falling victim to a BEC W-2 phishing scam.