March 7, 2018
In a world that is moving so fast sometimes we don’t see the obvious and cyber thieves know it. Don’t succumb to their trickery and become a statistic.
Cybercrime comes in many sizes and shapes as shown in the statistics and impact every business. Examples include ransomware, phishing, and theft of personal private information. However, as tax filing nears you or somebody within your organization will be subject to a social engineering scheme. You may have already seen firsthand an example of an attack. This is where an urgent email is sent to the Human Resource or Accounting Department requesting W-2s or a payment from someone purporting to be the CEO or owner.
Typically, these types of emails are urgent in nature, require immediate action, and occur late on a Friday afternoon in hopes that the recipient will respond quickly without thinking too much about what is being requested. According to Symantec’s 2017 Internet Security Threat Report, these types of emails have common threads that help decipher a potential issue.
Top Email subject lines according to Symantec:
Subject | Percent of social engineering emails |
Payment | 18.9 |
Urgent | 10.3 |
Request | 8.6 |
Attention | 7.3 |
Transfer | 2.4 |
W2 | 1.4 |
These cyber fraudsters get into your systems or websites and find enough information about the CEO or owner to make the email request look real. These criminals want W-2s to obtain your employees’ personal information to fraudulently file a tax return.
Should you experience a breach or release of W-2’s, you will need to comply with each state law. The laws vary but commonly you have a responsibility to notify any person whose information was potentially breached along with offering some form of credit monitoring for a specified amount of time.
Don’t become a statistic and let this happen to you or your employees! Make sure your employees are aware of these schemes and have proper procedures in place to avoid them from occurring. Also, consider procuring cyber insurance as a precautionary measure as property and crime policies typically do not cover these types of exposures. Coverage can be designed to your needs as an add on to your crime policy for the potential loss of money or via a cyber policy for the breech of data.
Contact a member of The Fedeli Group for further information.