Beware: A Cybersecurity Threat May Be Diverting Your Paycheck

01/31/2018

Be aware of a tax scam which aims to steal your refund.You may recall the early-2017 news coverage regarding the release of thousands of W-2s.  The 2018 version on this scam appears in employee inboxes.  It looks like a legitimate email from a high-level employee in the organization, typically someone in human resources or finance.  The hackers have tailored the email to the targeted organization, and the email contains a link to an apparently credible survey or electronic signature request.  At the end of the “survey,” employees are asked to supply their complete login credentials for the alleged purpose of authenticating their identity.  

By revealing such credentials, employees who fall prey to the scam expose the organization to substantial cybersecurity risks. In addition, the hackers are using the credentials provided to divert employee payroll direct deposits to alternate bank accounts causing financial losses, data breach notification obligations, and a wide range of other issues.

While you prepare to file your taxes, stay on the lookout for fake emails or websites whose sole purpose is to obtain your personal information. The IRS will never initiate contact with a taxpayer regarding a refund or a bill. If you believe you’ve received a phishing email, purporting to be from the IRS, you should send it to phishing@irs.gov.

Also, consider filing your taxes as soon as possible, before fraudsters begin requesting phony tax refunds belonging to you. For an in-depth take on this scam, visit krebsonsecurity.com.

Related Blog Posts

Make Your Work Life More Productive

Ideas for making work more enjoyable for you and your employees. Full story...

Eat, Drink and Be Wary

by Lisa Lake, Consumer Education Specialist, FTC Full story...

Warm Fall Weather Draws Hundreds of Families to Racine’s Boo at the Zoo

Full story...