A pattern of successful phishing attacks against organizations across multiple industries has occurred within the last month targeting finance or human resources personnel. In recently documented attacks, successful phishing emails were made to look like C-suite executives sent them. These phishing attacks are designed to elicit improper release of a company’s employee Wage and Tax Statements for 2015 to unauthorized third parties with the intent to file fraudulent Federal and State tax refund requests. Form W-2s contain sensitive personal information to include Names, Addresses, Social Security numbers, and salary information.
June 30, 2016