Fraudsters are putting a new twist on imposter or business email compromise fraud. The fraud still starts out with a spoofed or compromised email address appearing to be from an executive, but instead of sending an email asking for a wire to be processed, the fraudster is asking for employees' W-2 documents. With tax season underway, the ultimate goal is to obtain information to commit tax refund fraud. There's also the chance that the data can be used for other types of fraud, identity theft, or worse, amended tax returns (1040X).
It isn't just about W-2 data - these scams can target anything that's of value to your company. The bottom line: Warn your employees that there is a new strain of imposter fraud requesting confidential information. It should be standard policy that a request for such data should be verbally verified.
Click here for more information about this new scam.
For more best practices, visit our Fraud Prevention Center.
This material is provided for informational purposes only. The conclusions expressed are based upon limited information available to Silicon Valley Bank regarding your company's fraud detection and prevention programs, and should not be seen as a substitute for obtaining your own independent assessment of such programs. The security of your operating system and your procedures for conducting banking transactions with us remains your responsibility. Silicon Valley Bank is not responsible for any cost, claim or loss associated with your use of this material.
Krebs on Security is not affiliated with Silicon Valley Bank or any of its affiliates.