Posts Tagged Phishing Attacks

What Is A W-2 Phishing Attack?

W-2 phishing is launched with the intention of stealing your tax refund. More than 100 employers became victims of W-2 phishing attacks in the first 10 weeks of 2017, putting 120,000 taxpayers at risk of identity fraud. According to statistics from IRS Return Integrity Compliance Services, reports of W-2 phishing emails increased by 870% in 2017, and the figures are quite alarming.

How Is It Launched?

The cybercriminal sends an email impersonating the CEO of the company. The email contains an urgent request to send employee tax information. On receiving the email, the concerned employee often sends the file, handing over confidential and personal employee information to the fraudsters.

W-2s are important forms that are attached when one files a tax return. They contain a person’s confidential information such as name, address, income, social security number etc. Employees’ sensitive information is acquired from W-2s to commit identity fraud.

Following are some ways in which this information can be misused –

  • Claim a fraudulent tax refund using your social security number
  • Take a loan in your name
  • Open a new credit card
  • Make payments from your account

Ways To Protect Yourself From W-2 Phishing Attack

  • Raise Awareness – Since W-2 phishing attacks are on the rise, it is important to keep your staff aware of the scam. Make sure that you educate your employees on a regular basis about recent phishing scams. It is especially important that the staff who deal with financial statements and tax information are aware of W-2 phishing and other similar threats.
  • Set Relevant Policies – To protect your company from such attacks, it is important to set up some confidentiality policies and communicate them to your employees. There should be policies that decide what kind of requests may be handled through email. For example, when there is a policy that top executives would never ask for sensitive information via email, the concerned employees would not be deceived by a fraudulent email asking for employee credentials. It is also important to be vigilant when responding to any email.
  • Flag Spam Emails – If you are able to identify a W-2 phishing email, flag it and forward it to your employer and other concerned employees to prevent them from falling into the trap.
  • Verify The Sender – Make sure that your employees do not reply to an email sent from an untrusted source. Follow a practice of reconfirming any request for confidential information with the concerned executive before actually sending it.

It is important to stay alert about such attacks so that preventive measures can be taken well in advance.
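The sender and policy checks described above can be partly automated at the mail gateway. The following is an added example, not code from the original post: the company domain, the executive name, the keyword patterns and the three sample messages are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example only (placeholders, not from the post).
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}  # display names of top executives
W2_REQUEST = re.compile(
    r"\bw-?2s?\b|\btax (?:form|information|statement)s?\b|\bsocial security\b", re.I)
URGENCY = re.compile(r"\b(?:urgent|asap|immediately|right away)\b", re.I)

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def w2_phish_indicators(raw_message):
    """Return the reasons a message looks like a W-2 request scam."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    reasons = []
    # Verify the sender: a known executive name on a non-company address.
    if name.strip().lower() in EXECUTIVES and _domain(addr) != COMPANY_DOMAIN:
        reasons.append("executive display name on an external address")
    # Replies would be routed somewhere other than the apparent sender.
    if reply_to and _domain(reply_to) != _domain(addr):
        reasons.append("Reply-To domain differs from From domain")
    # Policy: tax data is never requested by email, whoever the sender is.
    if W2_REQUEST.search(text):
        reasons.append("asks for W-2 / employee tax data by email")
        if URGENCY.search(text):
            reasons.append("urgent tone on a sensitive-data request")
    return reasons

# Constructed sample messages (not real mail).
SPOOFED = ("From: Jane Doe <jane.doe@examp1e-mail.test>\n"
           "Reply-To: ceo.office@freemail.test\n"
           "To: payroll@example.com\n"
           "Subject: Urgent request\n\n"
           "I need the W-2 forms for all employees as a PDF right away.\n")
INTERNAL = ("From: Jane Doe <jane.doe@example.com>\n"
            "Subject: Payroll\n\n"
            "Please email me the W2 statements for the team.\n")
BENIGN = ("From: Jane Doe <jane.doe@example.com>\n"
          "Subject: Lunch on Friday\n\n"
          "Team lunch is at noon.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("internal", INTERNAL), ("benign", BENIGN)):
        print(label, w2_phish_indicators(raw))
```

The internal sample is still flagged: under a policy that executives never request tax data by email, the request itself warrants confirmation with the executive even when the sender address looks correct.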

For more information about IT Security, call Centex Technologies at (254) 213-4740.


Most Commonly Clicked Phishing Email Subject Lines

18th Oct 2017

Phishing emails with clickbait subject lines are increasingly being used to elude security filters and gain access to computer systems. According to Verizon’s 2017 Data Breach Investigations Report, two-thirds of all malware was installed via email attachments in 2016. 60% of malware was packaged in JavaScript attachments, while 26% was packaged in malicious macros embedded in Microsoft Office documents.

To avoid phishing attacks you need to keep pace with the hackers, who keep coming up with new ways of launching a cyber-attack. Email is the most widely used channel for a phishing attack because it is relatively easy to dupe people by sending fraudulent emails. Attackers disguise themselves as legitimate persons or companies and, through fraudulent emails, direct users to a fake website that requests sensitive information and credentials.

These phishing emails generally use subject lines that encourage users to open the email and click on a link in it. Here we have listed some commonly clicked phishing email subject lines for you to take note of.

Social Media Email Subject lines –

  • Free Pizza – Who wouldn’t want one, but it comes at the cost of a security breach. Hackers tend to play with the human psyche, as the word FREE is always appealing, and when the receiver opens the mail, they exploit it for their own benefit.
  • A message from your friend – Hackers sometimes use social engineering tactics to find out the names of your close friends and relatives. They impersonate your acquaintances and send you an email which contains malware, to access your private information.
  • Reset Password
  • New message
  • Login alert
  • Unread Message
  • New Voice message
  • Account Validation Required

General Email Subject Lines –

  • Security Alert
  • UPS Label Delivery 1ZBE312TNY00015011
  • Urgent Action Required
  • BREAKING: United Airlines Passenger Dies from Brain Haemorrhage – VIDEO
  • A Delivery Attempt was made
  • All Employees: Update your Healthcare Info
  • Unusual sign-in activity
  • Your Bank Account will be Deactivated: Online Banking ALERT
  • Ready for your beach vacay?
  • You have won a Lottery
  • Direct Deposit of payment in your account
  • Bank transfer of 75000 USD
  • Your order #335515 placed on Sunday is paid.

What are the ways to avoid Phishing emails?

Educate yourselves and your employees about phishing techniques and make them aware of ways to identify dubious mails. Do not click on random links sent in an email from an unauthorized sender, and to verify a site’s security, ensure that the site’s URL begins with ‘https’. Also avoid entering any personal information unless you are one hundred percent sure that the mail is sent by a trusted sender. Also make sure that you install antivirus software on your system and use high quality firewalls.
