Wednesday, February 3, 2021
In recent years, there has been an uptick of W-2 phishing scams, and their consequences for an employer extend well beyond leaked data, including potential employee class action litigation. Just last week, a federal court in Illinois rejected a motion for class certification in a data breach case alleging disclosure of employees’ sensitive tax information and additional personal information, in
A W-2 phishing scam, is a simple cyberattack, but can be highly successful. It consists of a phishing e-mail sent to an employee, generally in the Human Resources or Accounting department, and designed to appear to come from an executive within the organization. The e-mail requests that the recipient forward the company’s W-2 forms, or related data, to the sender. This request aligns with the job responsibilities of both parties to the email. Despite appearances, the e-mail is a fraud. The scammer is “spoofing” the executive’s identity.