“IRS warns against widespread CEO fraud W-2 phishing scam” is perhaps a headline you’ve seen in the media lately but didn’t pay enough attention to. In a time when it seems there’s a cyber security story regarding a virus, phishing scam, or ransomware every day of the week, it’s easy to miss something that could affect your own company.
It’s worth every moment of time to pay attention to this particular scam, because it’s one of the most insidious out there. Not that most phishing scams aren’t, especially with so many fooling employees and top executives.
This new threat homes in on particular departments not typically used to seeing phishing links: HR and accounting. The problem is that those who work in these fields could get fake emails from the company CEO claiming to need W-2 forms on all employees.
Whenever these departments see something related to the IRS, panic likely sets in. Unfortunately, too many companies get duped, and your own company could potentially be next.
Take a look at what you need to know, and ways you can prevent this information security scam from fooling employees.
Warning Signs in the IRS Scam Email
Known as a spoofing email, this type of ploy is becoming all too common as a way of impersonating someone within a company. Those who create these emails take the actual name of the CEO and place it in each one to make it look legit.
A common opening line in this IRS scam email is one kindly asking those in HR and accounting to turn over the above-mentioned W-2s. These opening sentences are especially dangerous because they mimic exactly how most CEOs address their workers.
What’s notable about this is that some phishing scams get spotted when they come from senders abroad: sometimes the email paragraphs are in slightly broken English, which is a subtle red flag. An email that mimics exactly how a CEO addresses workers gives no such clue.
Because W-2 forms contain Social Security numbers, dates of birth, addresses, and salary information, every employee in your company could have their identity stolen.
Addressing Your Company About the Threat
On March 1, the IRS put out an official warning about this new email threat, and gave sensible tips to help employees weed out anything suspicious. The IRS consistently recommends you always double-check an email’s validity before opening it. Doing so only helps improve diligence to protect the privacy of all company workers.
What’s most important is holding meetings with your employees so they’re in the know about this proliferating communication. All they have to do is email you or a superior to find out whether an email is real or not.
Regardless, anything related to money incites reactionary responses. It’s a natural trait phishers know makes every company vulnerable.
Awareness is key to overcoming this cyber security issue, but so is better IT management.
Investing in Better IT Management to Avert Danger
If you’ve had to cut back on your IT department this year, you’re already placing yourself in a riskier position. Even though you can give out warnings to employees about phishing emails, what happens if you overlook just one? It could end up compromising security for your employees and customers. Plus, it could potentially shut your system down, especially if it’s ransomware.
Using IT managed services, you have a dedicated team working remotely to safeguard your systems and network security. They already use preventative measures to eliminate the worst cyber and information security threats, and help block inbound emails that contain phishing links or viruses.
This leaves more time for you and your HR and accounting teams to focus on real work rather than constantly worrying about stolen data.