Spear Phishing attacks in 2016
2016 gave rise to a new spear phishing campaign targeting entire companies and organizations. These new phishing attacks are responsible by steeling the W-2 U.S. tax records of employees working in these compromised companies during 2015. They are in form of emails sent by the CEO (or any other high manager) requesting the staff member to urgently provide his W-2 form.
Once the data is provided, the hackers can fill in a tax return in the employee’s name and transfer the money received into his own accounts. The data enabling the send out of these emails can be easily gathered from social media where the title and work email address of a person can be usually found. With all the details at hand, there is absolutely nothing now to prevent the hackers from sending out the fraudulent emails.
Since the beginning of 2016, at least 55 companies fall victim to this method of spear phishing attacks.
Since identity theft and attacks aimed on tax returns where going one since 2014 and 2015, in a different form though, (instead of emails from senior managers they targeted a the prepaid debit cards used to issue tax refunds by the government ) what could have been done to prevent or minimize as much as possible these new attacks?
First of all, employees have to be mindful not to delay their tax return forms.
In addition, it is very important to constantly monitor the credit reports and ask each year for a free credit report. One can place an initial fraud alert on his credit files for free, in which case the creditors will must have to ask for permission before opening any new account.
There is also an option for freezing the credit, which will restrict access to all credit reports preventing creditors from viewing one’s credit report on file and as a consequence they will not be able of extending credit .
Information and guidance on these topics can be found on the following websites:
( The link below also contains a list of companies which were attacked by spear phishing )