23 Mar Phishing scams designed to obtain worker W2 data
Human resources professionals in New York and around the country know that the amount of phishing emails they receive is likely to go up during February and March. This is the period when most employees file their taxes, and HR departments must often contend with numerous requests for replacement W-2 forms. The information found on W-2 forms can be used to file bogus tax returns or apply for credit cards, and reports surfacing in March 2016 indicate that several large companies have been compromised by scammers seeking this valuable data.
The reports indicate that even major technology companies like Snapchat and Seagate Technology are not above falling for the basic human engineering approaches employed by hackers. According to the reports, human resources departments at several companies were sent emails requesting W-2 information that appeared to have been sent by senior executives. Representatives of some of the companies involved have apologized for the security breach and have offered to pay to monitor the credit of the workers affected.
The IRS says that it has noticed a fourfold increase in the number of malicious computer-related incidents during the annual tax-filing season, and the agency even released a statement on March 1 that advised companies to be on the lookout for bogus requests for W-2 data. While law enforcement has yet to identify the senders of the phishing emails, similar initiatives in the past are said to have been the work of hacker groups based in Eastern Europe.
The penalties for tax fraud, identity theft and other white-collar crimes can be severe if a conviction is obtained. However, the evidence in these cases is often complex and difficult for juries to understand, and prosecutors may sometimes choose to negotiate a plea agreement with criminal defense attorneys even when the evidence at their disposal appears compelling.