Fortify Your Human Firewall Against Tax Fraud

It’s W2 time! You know it, I know it, and criminals know it. Every year dozens of human resource professionals fall victim to phishing schemes. Criminals target HR departments posing as C-level leadership, often with spoofed email addresses that look very similar to the correct email address, requesting a copy of the W2s for all employees. Eager to comply – and possibly flattered by the high-level outreach – unsuspecting employees may be tempted to hand over confidential records with disastrous effects.


No CEO would ever request copies of employees’ W2s.


If the scam is successful …

Assuming an attacker successfully acquires the W2s that they’re after, they will use the data to commit identity theft, fraudulently file tax returns, and route refunds to their bank accounts. When the unsuspecting employees go to file their own returns, the returns are rejected. This is generally the first indication an individual has that there’s an issue with his or her record.

Don’t fall for the scam.

Remind your organization of these tips:

  • Pause for a moment. Anytime you receive an email that’s out of the ordinary, pause before clicking on any links, downloading any content, or replying with any sensitive data. ‘Out of the ordinary’ can refer to the sender, the topic, or the request.
  • Verify the request. Call the person who appears to have emailed you to verify the legitimacy of the request. If you’re hesitant to call the sender, such as the CEO, that could be an indication that they didn’t email you.
  • Report the phish. The sooner your security team is aware that your organization is a target, the sooner they can block and defend against a potential data breach. Make it easy for your employees to report suspicious behavior.
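For security teams triaging reported messages, here is a sketch of how the pattern described above (an executive's name, a sender domain that is a near miss of your own, and a request for W2s) can be flagged automatically. This is an added example, not code from the author; the domain `example.com`, the executive name, the distance threshold of 2, and the sample messages are all assumptions made up for illustration.

```python
import re
from email.utils import parseaddr

ORG_DOMAIN = "example.com"    # assumption: your organization's mail domain
EXECUTIVES = {"pat rivera"}   # assumption: display names of C-level staff
W2_PATTERN = re.compile(r"\bw-?2s?\b|wage and tax statement", re.I)

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss sender domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(from_header, subject, body):
    """Return the reasons a reported message matches the W-2 scam pattern."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    reasons = []
    if domain != ORG_DOMAIN:
        if edit_distance(domain, ORG_DOMAIN) <= 2:
            reasons.append("lookalike_domain")
        if name.strip().lower() in EXECUTIVES:
            reasons.append("executive_name_external_sender")
    if W2_PATTERN.search(subject + "\n" + body):
        reasons.append("w2_request")
    return reasons

def should_escalate(reasons):
    """Escalate when a W-2 request arrives with any sender anomaly."""
    return "w2_request" in reasons and len(reasons) > 1

# Constructed sample messages (not real mail): From header, subject, body.
SAMPLES = [
    ('"Pat Rivera" <pat.rivera@examp1e.com>', "Urgent request",
     "Please send me the W2s for all employees today."),
    ('"Pat Rivera" <pat.rivera@example.com>', "All-hands agenda",
     "Agenda attached for Thursday."),
    ('"Payroll Vendor" <support@vendor.example>', "Your W-2 forms",
     "Employee W-2 forms are ready in the portal."),
]

if __name__ == "__main__":
    for sender, subject, body in SAMPLES:
        reasons = triage(sender, subject, body)
        print(sender, reasons, "ESCALATE" if should_escalate(reasons) else "ok")
```

A check like this supports the phone call in the second tip and does not replace it: a message sent from a compromised internal mailbox would pass the sender checks.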

What creative awareness tactics are you using to train your team to defend against cyber threats?


Need to enhance your cyber security awareness and training program? Revolutionary Security can help.



About the Author

Mary Dziorny, PhD

Mary Dziorny is a Senior Cybersecurity Consultant with over 9 years of experience in the cybersecurity field and over 20 years of experience in the education and training field. She has designed, developed, and implemented many training programs over the course of her career, including two comprehensive enterprise-wide security awareness programs. Mary began her career in IT and technical training at Ericsson, Inc. and Richland Computer Training Institute. From there, she moved to The University of Texas at Dallas where she served as the University’s Educational Technology Coordinator for 5 years before moving into the Information Security Office. There she created the University’s first security awareness program, comprised of 11 security awareness classes in two certificate programs in addition to numerous outreach activities aimed at students, faculty, and staff. Six years later, she left the University to create the first comprehensive security awareness program for Southwest Airlines, encompassing 67,000 employees in all job roles across 100 locations in 7 countries.
