Phishing & Spoofing & Malware, Oh My!

The IRS is warning human resource and payroll departments about an ongoing email scam.  This type of email phishing known as “spoofing,” uses a corporate officer’s name to request W-2 information.

If you receive an email requesting W-2 information, even if from an executive level associate, it may be worth your while to confirm the legitimacy of the request.  This can be done by sending a separate email to the official who requested the information, or by placing a quick phone call, to let him/her know you are double checking that the email you received is valid.  A national taxpayer awareness campaign called “Taxes, Security, Together” offers tips you can use to make your data more secure.  Visit https://www.irs.gov/individuals/taxes-security-together to read more about this campaign.  Lastly, always remember that the IRS does not send unsolicited emails or request sensitive data via email.

 

Online SecurityEmails containing attachments can contain malware which may infect your computer or allow a cybercriminal to steal information from your computer.  If you receive a suspicious email, even if it appears to come from a known source, you should never open the email (or especially an attachment) if you have the slightest inclination that the email may not be legitimate.  Some tips to identify suspicious emails are:

  • Hover your mouse over any links in an email.  If the links appear suspicious, do not click on them.
  • If the email contains poor spelling or grammar, it is possible the email may be a scam.
  • Beware of emails marked as “urgent” or requesting “immediate attention.”  Emails that request information or payment with an “or else” threat are often used to intimidate the recipient into providing information or payment for criminal use.
  • Check to see if the time the email was sent appears out of the ordinary (not during usual business hours).

Use your instincts – if you have a suspicious feeling, chances are the email you received may not be credible.