We continue to see all industries hit with W2 phishing scams, including the health care industry.
Citizens Memorial Hospital, located in Bolivar, Missouri, was hit with the scam when one of its employees believed that an email received from another employee was legitimate, and sent the W2s of its employees from 2016 to a hacker. Usually, the W2s are used by the hackers to then file false tax returns seeking a quick tax refund before the taxpayer files his or her return.
Employees continue to fall victim to the scheme as they do not check the email address to confirm that it is legitimate (by hovering over it), or do not pick up the phone or walk down the hall to confirm that the request is legitimate.
Providing employees with training and tools to combat these schemes will help them from not becoming victims in the future.
This post is also being shared on our Data Privacy +Security Insider blog. If you’re interested in getting updates on developments affecting data privacy and security, we invite you to subscribe to the blog.