W-2 Phishing Scams: How Hackers Steal Tax Data

Posted: September 18, 2017 to News.

Tags: Malware, Data Breach, AI

Most people like to think of hackers as vultures that pick money out of people’s pockets when they’re vulnerable. They’re vicious, ugly, and it’s easy to tell that they’re bad. That’s not how hackers work though, because they’re much smarter than that. Instead of simply stealing from people through brute force or picking off the scraps of small vulnerabilities, hackers do something much smarter and effective. They disguise themselves and wait until the perfect moment to launch their attack. Hackers aren’t like vultures, they’re more like parrots. (Which are some of the smartest birds on Earth) They learn behaviors, imitate, and use their knowledge to steal from everyday people. Just look at what’s going on around Cincinnati for proof. It’s tax season in America, which means that people all across the country are scrambling to get their tax filings together. For most people, that means their W-2 forms will be in high demand for the next couple of weeks. Of course, hackers know this and are taking advantage of it. Chris Huntington is a IT security professional in Ohio. According to him, over 100 of his clients in the Cincinnati area reported seeing questionable email requests for W-2’s for tax purposes. Some of the requests have been easy to spot thanks to poor grammar and unfamiliar email accounts, but some have not, even going as far as being sent from human resource departments. The hackers behind the scam have even added links that request the victim to update their W-2 that when clicked download malware. It may seem obvious to you that you should never do something like send a W-2 through email, but the hackers have the advantage of people not fully understanding their taxes and simply wanting them taken care off. Thanks to their timing and methods, it’s inevitable that someone will have their identity stolen or have a device breached this tax season. After all, some people did fall for the infamous Nigerian Prince email scam. But you can’t just be careful around tax season or expect to always be able to spot a malicious email because hackers are patient, intelligent, and experts at imitating reputable sources, and they do it all year long. In this case they’re taking advantage of people during tax season, but gas pumps have been hacked during the summer when people are driving and taking their families on vacation, and Black Friday and Cyber Monday is a holiday for hackers thanks to the large amounts of online shopping. You can’t rely on hackers trying to steal your privacy and money with brute force attacks or poorly composed phishing scams like a vulture who preys on the weak. If they really want to breach your network, they will create the perfect imitations like a Parrot, and eventually they will slip past your guard. That’s why you have to be aware instead of just knowledgeable. You might know that it’s a bad idea to send a W-2 through email, but if you aren’t aware of other times of the year like Christmas or summer that hackers use to take advantage of people it won’t do you any good. You must be aware of all the latest cybercrime developments, trends, and breaches if you want to always be protected from hackers. Just like knowing about one type of hack won’t protect you from all hacks, knowing that hackers won’t target you because you’re an average person doesn’t mean a thing. You have to be aware that hackers cast a large net when looking for victims. Don’t mistake hackers for vultures, stay posted so you can be aware of all their tricks and trends.

Related Resources

Learn more about how Petronella Technology Group can help:

• incident response guide
• Contact PTG for cybersecurity help