FBI Issues Alert on an Increase in W-2 Phishing Scams

In a Public Service Announcement released on February 21, 2018, the FBI issued an alert regarding an increase in reports of compromised or spoofed emails requesting W-2 information, some of which included requests for unauthorized wire transfers. The FBI reports that the most popular version of this type of business email compromise (BEC) scam involves the impersonation of an executive within an organization coupled with the email targeting of a Human Resource (HR) professional within that same organization in an effort by the perpetrators to conduct mass data theft. The NJCCIC recommends all organizations review the FBI Public Service Announcement and educate their employees on how to identify social engineering schemes to prevent them from taking action on these scams. We also recommend organizations have a clear policy and procedure in place to handle requests for sensitive information and financial transactions that require the authorization and approval of more than just the sender and recipient of these requests. To report data loss or financial loss resulting from action taken on a W-2 or other BEC scam, follow the instructions provided in the FBI Public Service Announcement and also report incidents to the NJCCIC via the Cyber Incident Report form on our website.