Stolen W-2’s Are Still Being Sold on the Dark Web

Over the last few years, several companies have been struggling with the theft of private W-2 forms filled out by employees. The execution of this attack is presented via email. The attacker will pose as a relevant figurehead in order to extract the W-2’s.

Earlier this year, Brigham Gonzalez spoke on his experience after receiving a call from his sister,

“She had received a letter from my previous employer stating that all of the [information on the] W-2s had been stolen. Somebody pretending to be upper level management just kind of bluffed their way into getting one of the employees to fax over all of the W-2s.”

Most commonly, if W-2s are stolen through fraudulent terms, the attacker will gain access to private information. This information includes names, addresses, Social Security numbers, earnings, and deductions.

After the recent theft of multiple businesses 2016 W-2s, the attackers are once again offering W-2 bulk bundles for $35 to $40 on the black market.

This information leak has been reoccurring for several years now. If your business falls prey to the W-2 scam, contact the IRS immediately with the information that was stolen.

Alternatively, if you are uncertain on the legitimacy of an email regarding tax information, contact the IRS. Despite the corrupt overall vision that many citizens claim, the IRS is still very good at identifying scams.

Business Management Daily explains this on the matter,

“This year, the IRS was able to stop a little under a million phony returns. But once one door closes, ID thieves pry open another. That explains the W-2 phishing attempts that occurred this tax season, she added. Often, these emails will start off chatty from the company’s “CEO”—“Hi, how was your weekend”—and then go in for the kill—a request that you send employees’ names and Social Security numbers in a PDF document.”

In conclusion, take the necessary precautions to avoid W-2 scams in the upcoming tax seasons.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil