The Internet Crime Complaint Center (IC3) has issued an alert on the increase in W-2-related phishing campaigns. Fraudsters often use tax-related phishing emails to get victims to provide personally identifiable information, click on a malicious link, or pay a ransom.
According to the FBI, beginning in January 2017, IRS’s Online Fraud Detection & Prevention (OFDP), which monitors for suspected IRS-related phishing emails, observed an increase in reports of compromised or spoofed emails requesting W-2 information.
Sometimes these requests were followed by or combined with a request for an unauthorized wire transfer. The most popular method remains impersonating an executive, either through a compromised or spoofed email in order to obtain W-2 information from a Human Resource (HR) professional within the same organization, stated the FBI.
The key to reducing the risk from W-2 phishing scams and BEC is to understand the criminals’ techniques and deploy effective mitigation processes. The FBI lists various methods to reduce the risk of falling victim to this scam and subsequently disclosing sensitive information or executing a fraudulent wire transfer.
- Limit the number of employees within a business who have the authority to approve and/or conduct wire transfers and handle W-2 related requests or tasks
- Use out of band authentication to verify requests for W-2 related information or wire transfer requests that are seemingly coming from executives. This may include calling the executive to obtain verbal verification, establishing a phone Personal Identification Number (PIN) to verify the executive’s identity, or sending the executive via text message a one-time code and a phone number to call in order to confirm the wire transfer request
- Verify a change in payment instructions to a vendor or supplier by calling to verbally confirm the request. The phone number should not come from the electronic communication, but should instead be taken from a known contact list for that vendor
- Maintain a file, preferably in non-electronic form, of vendor contact information for those who are authorized to approve changes in payment instructions
- Delay the transaction until additional verifications can be performed such as having staff wait to be contacted by the bank to verify the wire transfer
- Require dual-approval for any wire transfer request involving one or more of the following:
A dollar amount over a specific threshold
Trading partners who have not been previously added to a “white list” of approved trading partners to receive wire payments
New trading partners
New bank and/or account numbers for current trading partners
Wire transfers to countries outside of the normal trading patterns