Champion Solutions Group, SecurityOps Alert message
By Dan Powers
As you should already beware , “social” engineering to gain access to information is nothing new. However it has come to our attention that a very specific campaign around social engineering has been identified by the IRS and FBI around “spear phishing” during this tax season. SPEAR PHISHING is targeting users that have specific access to personal information, and in this case employee information regarding employees’ “tax” information such as:
1. W2 forms
2. Social Security Numbers
3. Date of birth
The attack comes in the form of an e-mail, seemingly from the company board members, CEO/CFO/etc. The email is requesting information to close out the company’s books and financial statement for the year. Look at the example email below:
From: <seemingly your Boss or high lever director>
Subject: Required information ASAP
Kindly send me the individual 2015 W-2 (PDF format) and earnings summary for all W-2 employees of the company for our internal review today.
Email Signature that LOOKS like internal e-mail
Please take extra steps by informing your organization of this type of attack, and setup some guidelines for passing along “sensitive” information. It can be as simply as a code word, or better yet a call before releasing ANY personal information during this tax season, don’t fall victim to this targeted scam.