At Southwestern Payroll, we take the security of your company’s data and personal employee information very seriously. We use the most advanced technology and best business practices to ensure that security. However, once that data is provided to your organization, there are new threats to consider.
BEC attacks: The new threat.
With every tax year, cyber criminals find increasingly clever ways to attempt to infiltrate your secure W2 information, and we’d like you to be aware of a growing trend – Business Email Compromise (BEC) attacks.
These types of attacks play on the trust relationships that exist within the company, such as spoofed email addresses from the CEO, CFO, or another person of authority that is requesting sensitive information. Take care to remind employees to question requests for sensitive data, no matter the source, and alert key members of the organization when suspicious. One currently circulating tactic features an email that appears to be from the CEO of your company requesting W2s for “a quick review”. These criminals use information from company websites and other sources to identify key employees.
Get a clear understanding of what you can do.
Train your employees!
It’s worthwhile to note that even the most sophisticated anti-virus software programs and robust firewalls cannot protect organizations from these types of attacks. They key to preventing BEC attacks is empowerment! Train your employees to be aware of suspicious emails requesting W2 or other sensitive information, always ask for verification, and never click on links or open attachments in emails they are not expecting.
If you have reason to believe you have received an attempted phishing email, forward it to the Federal Trade Commission. If you have received a phishing email appearing to be from the “IRS”, please forward it here.