W-2 Phishing Scams: 3 Ways to Protect Yourself

It's that time of year again-it's TAX SEASON! Every year on April 15th, millions of Americans file their taxes, with the more fortunate getting a payout from the state and federal government. Despite the promise of earning tax money back, some people, (even the U.S. president himself) forego paying taxes altogether. This isn't a good thing. Not to sound too preachy, but it's every Americans' civic duty to pay their taxes. Do you want better roads? Pay your taxes. Do you want a better education for your tots? Pay your taxes!

Paying your taxes isn't all that complicated anymore either. Companies like TurboTax and H&R Block have streamlined the whole process. By simply typing in a few numbers from your W-2, your taxes are completed and filed for you electronically. All you have to do is sit back and wait for your tax return.

Unfortunately, this streamlined process has come under fire by cybercriminals. Seeing that small businesses and NGOs are sending their employees an electronic W-2, cybercriminals have found a way to get into the system and steal tens of thousands of W-2 forms. To protect your small business and the identities of your employees, invest in a cybersecurity insurance plan and follow these cyber safety tips!

Taxes and Identity Theft: How Are They Related?
In 2015, the IRS learned of a new scam hitting the electronic market: Business Email Compromise or BEC. A BEC scam resembles a phishing scam, in that an email is written targeting a specific mark. The emails are written to look like they have been drafted by an organization's CEO (remember 2016's Snapchat hack) and sent to Payroll Services. The email will ask for the earnings and W-2 documents of the staff. Thinking the email has come from management, Payroll Services complies and sends the confidential documents. The cybercriminal then uses these documents for banking information, easily stealing employee identities.

According to IRS commissioner John Koskinen, BEC attacks are some of the worst cyberattacks the agency has seen in some time. Koskinen said the BEC scam "is one of the most dangerous email phishing scams [the IRS] has seen in a long time."

In 2016, over 145 organizations (ranging from small businesses, schools and NGOs) were hit by a BEC scam, hitting 29,000 people with identity theft and tax fraud. Don't add your business to the IRS' statistics. Learn how to fight back against cybercriminals!

1. Train your staff to avoid "phishy" emails. The cybercriminal tool set evolves almost as quickly as a software update. As result, your spam email software won't be able to flag every phishy email that comes through. Train your staff on how to spot irregular emails. Some red flags of a phishing email include:

  • Poor grammar
  • Spelling mistakes
  • Faulty web links
  • Mismatched URLs
  • Asks for private information

And let your employees know never to share accounting information via email, even it seems that the boss is asking for it.

2. Get a cyber insurance plan. People make mistakes. An employee could miss the important cybersecurity meeting and later that week click on a link in an email that infects the entire network. A cyber insurance plan will cover the financial damages of this costly mistake. In essence, be prepared for the inevitable.

3. Change all passcodes routinely. Have your staff change their passwords at least once a month and make it a rule not to share passwords in person or via email. No one employee should be able to access another employee's information, the only staff members who should have that authority are upper management.

Just by taking some time to update your cybersecurity, you've already better served your employees and organization at large. To find a cyber insurance plan that'll cover you when you need it most, visit CyberPolicy today.

Insurance shopping simplified

Review personalized quotes, select coverages, and buy online - Everything insurance, all-in-one-place.
© 2010 - CoverHound LLC - All rights reserved.
PO Box 9070, Carlsbad, CA. 92018-9070
CyberPolicy®, "Plan. Prevent. Insure."™, and "CyberCheckup"™ are trademarks of CoverHound LLC
DBA: CoverHound Insurance Solutions - CA License No. 6005304