By John Farley, Hub International
As the April 15 IRS filing deadline approaches, cyber criminals have found more ways to cash in on your employees’ personal data for profit. Healthcare leaders should be on the alert.
As one of the fastest growing social engineering scams on the market today, hackers pose as a company CEO or key executive via email, requesting copies of employee tax forms. Once they’ve garnered the complete set of W-2s, they quickly turn it into cold hard cash by selling it on the black market, earning anywhere from $4 to $20 a form (credit card numbers earn just $1 to $4 each), selling off individual pieces of employee identity (read: SS numbers, employer ID, address, etc.) and more commonly, filing taxes and pocketing refunds.
Known as W-2 phishing, this scam has trapped a surprisingly growing number of HR and Finance department executives in the last few tax seasons who unknowingly forward the hacker their organization’s fleet of W-2 forms. Last tax season, the IRS saw a 400 percent surge in W-2 phishing and malware incidents, and in 2015, the Federal Trade Commission reported that tax refund fraud was responsible for a nearly 50 percent increase in consumer identity theft complaints. [Read more…]