Phishing Scam : How to protect against them

Phishing scam is a type of online scam where criminals send an email that appears to be from a legitimate company asking you to provide sensitive information.

Phishing scam is usually executed through email messages, phone calls or websites. Cybercriminals contact the potential victims through these channels and try to convince them to install malicious software on their devices. Or they use social engineering to convince their targets to hand over their personal information.

Moreover, phishing scam is often used to gain a foothold in corporate or governmental networks as a part of a larger attack, such as an advanced persistent threat (APT) event. In this latter scenario, employees are compromised in order to bypass security perimeters, distribute malware inside a closed environment, or gain privileged access to secured data.

What is a W-2 phishing scam

One of the ways a W-2 scam is carried out is when the scammer pretends to be a member of upper management and targets a more junior member of the organization. A phishing scam email from the cybercriminal requests that the target employees — usually in the finance, payroll or human resources departments — send W-2 forms for inspection. The emails appear legitimate and may sometimes include a phishing scam link.

The cybercriminal can send these phishing emails from a stolen email address or even from what appears to be a genuine email address with a few minor changes. A different “Reply-to” address can be set in the email so that when a victim replies with a W-2 form, the reply goes to an account under the attacker’s control, and not to the address it appears to have originated from.

It is important to realize that these documents contain tax and wage information for employees as well as their Social Security number, home address and employment location. Once these documents are obtained, the criminals could file fraudulent taxes or post this information for sale on the dark web where cybercriminals can use to it commit other crimes like identity theft.

How to help prevent W-2 scams

Inform and educate your employees to be cautious of fraudulent emails. Do not click on links and attachments in emails from unknown senders, or act on requests that seem unusual or don’t follow normal procedures. Avoid providing personal information when answering an email, unsolicited phone call, text message or instant message.
Additionally, do not reply to any emails that seem suspicious. Obtain the sender’s address or phone number from the corporate address book and ask them about the message. Never use the contact information provided in the email.
Never enter personal information in a pop-up web page or anywhere else that you did not initiate.
Keep security software and all other software programs updated.
Report security warnings from your Internet security software to IT immediately. Chances are they aren’t aware of all threats that occur.

Cybercriminals are getting more sophisticated and operate with an arsenal of tools to attempt to file fraudulent tax returns and maybe commit other forms of identity theft. Being aware of these traditional scamming methods is a good first line of defense.

How to report a phishing email

As the line between our real life and digital life blurs with advancements in technology, it is important to be mindful of your personal information’s security. Keeping your digital devices, such as smartphones, PCs and laptops, protected with Norton Security Premium is one measure of online information security. It comes with online storage for file backup and multiple device protection that helps keep malware and viruses at bay. To help protect your identity, trust LifeLock. Lifelock uses monitoring technology and alert tools to help proactively safeguard your credit and finances.†

This unique combination of having Norton Security and LifeLock, two industry leaders in digital safety helping guard your digital life, will help you explore the Internet safely.

As you get your paperwork ready for the tax season stay safe and help keep your digital life protected.