Protecting Education: How to Safeguard Against Fraudulent Attacks
A recent report from CSO, a leading cybersecurity outlet, revealed that 110 organizations fell victim to successful phishing attacks targeting their W-2 records, putting over 120,000 taxpayers at risk of identity fraud. Despite warnings issued by the IRS in early February, employees continue to be lured by the tactics of cybercriminals.
The modus operandi of this highly effective phishing scheme is simple yet devastating. Malicious actors impersonate the CEO or President of a company and send an email to a CFO or an employee in a similar position, requesting copies of all employees’ W-2 forms. An employee who believes the request is genuine replies with the forms, disclosing confidential information and causing immediate harm.
The repercussions of W-2 Fraud attacks are profound, with long-lasting effects. IRS Commissioner John Koskinen emphasized the severity of the situation, stating, “This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns.”
The Threat to Educational Institutions
While W-2 Fraud was once primarily a concern for corporate entities, cybercriminals have expanded their scope to target a broader range of organizations, including educational institutions. Among the 110 victim organizations, many were schools, such as Northwestern College, The College of Southern Idaho, Daytona State, Groton School District in Connecticut, Redmond School District in Oregon, and Yukon Public Schools in Oklahoma. This sampling underscores the fact that no entity is immune to such attacks, highlighting the need for educational institutions to prioritize security measures.
Regardless of size, location, or level of education (secondary or higher ed), school employees across the board are susceptible to falling victim to cyber scams.
Protecting Against W-2 Fraud
While the threat of W-2 Fraud extends beyond educational organizations to businesses of all sizes and industries, the preventive measures remain consistent. The good news is that safeguarding against such attacks does not require complex solutions.
Here are some fundamental steps to enhance protection for your organization and its employees:
Spread Awareness: Immediately notify your Accounting and HR teams about the prevalence of CEO Fraud requesting W-2 information. Instruct them to be vigilant against fraudulent emails seeking sensitive data and always verify such requests through alternative communication channels like phone calls, texts, or in-person conversations. Issuing timely warnings to these teams can avert potential disasters.
Stay Vigilant: When receiving any email related to taxes or W-2 forms from unfamiliar sources, it is crucial to verify the authenticity of the sender by contacting a trusted tax professional. Avoid clicking on “reply” to attach tax information, as the email address may be spoofed. For maximum security, hand-deliver your tax documents to your tax professional for in-person processing.
Encrypt Confidential Information: If physical delivery is not feasible, ensure that all sensitive information is encrypted before transmission. Many accountants utilize encryption programs to facilitate secure sharing of confidential data.
Educate Employees: Share information from the IRS regarding prevalent tax scams to increase awareness among staff members. Encourage them to remain cautious and report any suspicious activities promptly.
Report Scams: In the event of receiving a scam email, report it to the IRS by forwarding it to phishing@irs.gov with “W2 Scam” in the subject line. Reporting such incidents can aid in preventing further fraud attempts.
While W-2 fraud peaks during tax season, similar phishing techniques persist throughout the year. Maintaining a high level of alertness is essential. If an email raises any suspicions, refrain from responding, forwarding, or clicking on any embedded links. Verify the sender’s identity through trustworthy means and involve the IT department if needed.
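For the IT department, one way to hold the kind of request described above until it has been verified by phone or in person is a mail-filter check like the following. This is an added example, not code from the CSO report or the IRS; the domain, executive names, signal names and sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values: your mail domain and the executives attackers may imitate.
ORG_DOMAIN = "school.example"
EXECUTIVES = {"pat rivera", "dana whitfield"}
W2_PATTERN = re.compile(r"\bw-?2s?\b|wage and tax statement", re.IGNORECASE)

# Constructed sample messages (not real mail).
SAMPLE_REPLY_TO = (
    "From: Pat Rivera <pat.rivera@school.example>\n"
    "Reply-To: pat.rivera@mailbox.test\n"
    "Subject: W-2 copies needed today\n\n"
    "Please send me all employee W2 forms as a PDF.\n"
)
SAMPLE_LOOKALIKE = (
    "From: Pat Rivera <office@mailbox.test>\n"
    "Subject: Quick request\n\nSend the staff W-2s before noon.\n"
)
SAMPLE_GENUINE = (
    "From: Dana Whitfield <dana.whitfield@school.example>\n"
    "Subject: Payroll calendar\n\nW-2 forms will be mailed in January.\n"
)

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def w2_request_signals(raw_message):
    """Return the warning signals found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    # Plain-text bodies only in this example; multipart mail is judged on Subject.
    body = "" if msg.is_multipart() else msg.get_payload()
    signals = []
    if W2_PATTERN.search(f"{msg.get('Subject', '')}\n{body}"):
        signals.append("asks_for_w2")
    # Executive display name on an address outside the organization.
    name = " ".join(from_name.lower().split())
    if name in EXECUTIVES and _domain(from_addr) != ORG_DOMAIN:
        signals.append("executive_name_external_address")
    # Clicking "reply" would send the answer somewhere other than the sender.
    if reply_addr and _domain(reply_addr) != _domain(from_addr):
        signals.append("reply_to_differs_from_sender")
    return signals

def should_hold(raw_message):
    """Hold for out-of-band verification: W-2 request plus a sender anomaly."""
    signals = w2_request_signals(raw_message)
    return "asks_for_w2" in signals and len(signals) > 1
```

A message that passes this check can still be fraudulent, for example when it comes from a compromised internal mailbox, so it supplements verification through a second channel and does not replace it.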
In Conclusion
Protecting educational institutions from fraudulent attacks, such as W-2 Fraud, necessitates a proactive approach to cybersecurity. By raising awareness, staying vigilant, educating employees, and promptly reporting suspicious activities, schools can fortify their defenses against cyber threats. As cybercriminals continue to evolve their tactics, it is imperative for educational institutions to prioritize security measures to safeguard sensitive information and prevent potential data breaches.