TUESDAY, FEBRUARY 7, 2017

Cyber Liability--HR & Payroll Departments Targeted in W2 Scam

Human resources and payroll departments should be aware of an IRS alert, released on January 25, 2017, about an email phishing scam making its way across the country. The scam originated last year, and its goal is to gain access to the personal information contained on employee W-2 forms. Cybercriminals send an email to an HR or payroll department using a corporate officer's name (such as the company CEO) and request that a list of employees, their Social Security numbers, and W-2 information be sent to them.

Below is wording that may appear in the phishing emails, quoted verbatim:
  • Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
  • Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
  • I want you to send me the list of W-2 copy of employees wage and tax statement for 2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.

Once the personal information has been obtained, the data is used to file fraudulent tax returns in order to claim the tax refunds. The IRS urges HR and payroll departments to double-check any executive-level or unusual requests for release of W-2 forms and Social Security numbers.

In April 2016, Kalamazoo College was targeted, and the personal information of about 1,600 students, staff and faculty of the college was mistakenly released when their W-2 forms were sent to a phony entity. According to President Eileen Wilson-Oyelaran, a college employee received an email requesting employees' 2015 W-2 forms. "The email was designed to appear as though a Kalamazoo College administrator sent it." "Believing the email to be legitimate, the employee replied to the message and attached faculty, staff and student employees' 2015 W2s."

According to a Cloudmark Security blog post by Tom Landesman, the phishing scheme begins with a bit of research about a company. Scraping popular sources of public data, such as LinkedIn and Twitter, often yields the names and titles of many employees in a company. "Then, a quick search for the company's website will often provide the name of the domain used in their email." "With these items in hand, attackers now have their target's email address as well as the email of a higher ranking member of the company — often a CEO or CFO." In the first quarter of 2016, at least 55 companies had fallen victim to these phishing schemes.

Organizations should prepare for these cyber threats by developing awareness programs and instructing employees to question requests for sensitive data no matter the source.  Anti-virus or other technology will not be enough to prevent every type of phishing attack.  Key employees of the company should be immediately alerted if something seems suspicious.  Other techniques to safeguard information include developing policies that require verification from a second person when it comes to releasing personal information.  Michael Overly, partner at Foley & Lardner, has developed a checklist for employers to follow when considering cybersecurity policies. 
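As a supplement to the awareness and second-person verification policies described above, the following added example (not part of the original post or the IRS alert) shows a mail-review check that holds messages asking for bulk W-2 or Social Security data. The company domain, officer name, reason labels and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the company's mail domain and its officers' names.
COMPANY_DOMAIN = "example.com"
OFFICERS = {"jane doe"}

# Terms taken from the sample wording quoted in the article.
DATA_TERMS = re.compile(
    r"\bW-?2s?\b|social security number|\bSSN\b|date of birth|wage and tax statement", re.I)
BULK_TERMS = re.compile(r"\ball\b|\blist of\b|\bemployees\b|\bstaff\b", re.I)

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def _text(msg):
    # Subject plus every text/plain part, so multipart mail is covered too.
    parts = msg.walk() if msg.is_multipart() else [msg]
    bodies = [p.get_payload(decode=True).decode(errors="replace")
              for p in parts if p.get_content_type() == "text/plain"]
    return "\n".join([msg.get("Subject", "")] + bodies)

def review_message(raw):
    """Return the reasons a message should be held for second-person verification."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    text = _text(msg)
    reasons = []
    # The content check fires whatever the sender looks like ("no matter the source").
    if DATA_TERMS.search(text) and BULK_TERMS.search(text):
        reasons.append("bulk_employee_data_request")
    if " ".join(name.lower().split()) in OFFICERS and _domain(addr) != COMPANY_DOMAIN:
        reasons.append("officer_name_external_address")
    if reply_to and _domain(reply_to) != _domain(addr):
        reasons.append("reply_to_domain_differs")
    return reasons

# Constructed sample messages (not real mail).
SPOOFED = ("From: Jane Doe <jane.doe@example.net>\nReply-To: jane.doe@example.org\nSubject: W-2 request\n\n"
           "Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff.\n")
INTERNAL_LOOKING = ("From: Jane Doe <jane.doe@example.com>\nSubject: Employee list\n\n"
                    "Can you send me the updated list of employees with full details (Name, Social Security Number).\n")
BENIGN = "From: Sam Lee <sam.lee@example.com>\nSubject: Lunch\n\nAre we still meeting at noon?\n"
```

The second sample is held on content alone even though its sender address looks internal, so the request still goes to a second person for verification through a separate channel.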

While HR has historically not been responsible for IT issues, when people become the problem with technology, HR needs to take a proactive approach to partner with their technology teams to help educate employees and develop policies and procedures in order to safeguard both company and employee personal information.
Posted 12:28 PM

Tags: cyber insurance, data breach
1 Comments

Edelweiss HR & Payroll Services said...
A great piece of useful & informative content. Thanks for sharing with us.
WEDNESDAY, MAY 09 2018 3:45 AM


NOTICE: This blog and website are made available by the publisher for educational and informational purposes only. It is not to be used as a substitute for competent insurance, legal, or tax advice from a licensed professional in your state. By using this blog site you understand that there is no broker-client relationship between you and the blog and website publisher.