By now, you’re probably very familiar with phishing scams. Every day, businesses have more and more malicious emails flooding their inboxes. Some are packaged with trojan horses like ransomware or malware, while others simply attempt to trick recipients in a Business Email Compromise (BEC) scam, disguising themselves as a company executive to gain access to protected files.
These kinds of phishing attempts have grown exponentially over the past several years, and the numbers are scary. It’s currently estimated that more than half of all emails are spam.
What makes HR departments such an attractive target for phishing scams?
In short, Human Resources is ripe with data. HR teams are responsible for recruiting talent, onboarding, benefits enrollment, employee relations, and are closely intertwined with payroll. This means that HR’s systems are filled with Personally Identifiable Information (PII) of company employees, contractors, and even applicants. Many HR professionals also have access to financial applications that work in tandem with payroll departments. These personnel records contain highly sensitive data that fraudsters are after when trying to breach company walls.
How does tax season impact your risk?
The threat of a phishing scam is always there, but especially so during the first three months of each year. Tax fraud is appealing to cybercriminals because, quite simply, it’s a very lucrative “business.” In 2016, the Internet Crime Complaint Center (IC3), received more than 12,000 complaints of tax fraud resulting from BEC scams. The losses associated with these complaints topped $360 million.
We know from customer and industry data that BEC scams continue to be on the rise. According to the IRS Return Integrity Compliance Services, W-2 phishing emails increased 870% in 2017.
It’s no surprise that cybercriminals get especially aggressive around tax season. BEC scams are successful at an alarming rate. Nearly one in four organizations that reported receiving a W-2 phishing email acknowledged they had fallen for the scam.
The time to protect your employees is now.
Regardless of what industry you’re in, make sure that your entire staff is prepared to recognize a phishing email – especially those in human resources and payroll. Here are some processes and procedures that you can put in place to protect yourself, your employees, and customers from falling victim to a BEC W-2 phishing scam.
For more tips on securing sensitive company information during tax season, be sure to check out this article by IdentityForce CEO, Steven Bearak.