It’s not surprising that hackers use W-2 phishing scams during tax season. Taking advantage of topical and popular subjects is at the heart of social engineering. But W-2 scams don’t usually target taxpayers.
According to the article on CSO Online, “The W-2 scam tries to take advantage of folks in accounting, controller and HR roles by presenting urgent requests for employee W-2 information. These messages arrive during a time of the year when individuals in these roles fully expect to receive messages from time-stressed CFOs or even CEOs requesting urgent action.”
Hackers, being the clever folks that they are, have now figured out a way to extend tax season scams by going after taxpayers. Apparently Americans are angry that the new Trump tax law didn’t result in larger refunds. And anger, or any strong emotion, is what hackers try to exploit in phishing attacks.
According to an article on CPA Practice Advisor, “One significant but underreported unintended consequence of the Trump tax cuts is how taxpayer anger is leading to the proliferation of new social engineering attack techniques – ones that play to the heightened emotions of those who feel wronged by the Administration, Congress, the IRS or a combination thereof.”
While phishing attacks in the past were primarily targeted at millennials, the current wave exploiting anger cuts across generational lines. The article correctly points out that “For hackers and cyber criminals, it doesn’t matter whether or not taxpayer anger is justified. What does matter to them is that a portion of the U.S. population is very unhappy, and as such, highly susceptible to a well-crafted social engineering attack.”
The article goes on to give two pieces of advice to avoid becoming a victim: avoid outrage on social media and don’t leave comments on forums or news sites. Both are good advice but, by themselves, insufficient.
What the article should have added to that advice is to purchase low-cost, cloud-based phishing protection technology for those times you just have to get something off your chest.
Getting angry is part of being human. Asking people to control that anger isn’t practical. What is practical is taking advantage of technology that never gets angry. If you think that sounds like a good idea, head on over to cloud-based phishing protection with Advanced Threat Defense risk free for 30 days. You’ll be protected in 10 minutes, and that should bring a smile to your face.