Not all phishing attempts are spear-phishing for W-2 forms. The University of Idaho is notifying employees whose personal information was in an employee’s email account after the employee fell for a phishing attack. From their notification: On January 24, 2017, we detected that one of our accounts was being used to send phishing email. The…
Category: Phishing
Has W-2 fraud overtaken healthcare as the most lucrative target for cyber-criminals?
Michael Bruemmer, a vice president with the Experian Data Breach Resolution group, poses a question about whether W-2 fraud has become the most lucrative target for criminals when attacking the healthcare sector. But the data he points to – some of which is based on the work DataBreaches.net is doing with Steve Ragan of Salted Hash,…
2016 W-2 data up for sale on the dark web (updated)
As regular readers know by now, DataBreaches.net has been compiling reported instances of W-2 phishing scams. As part of that investigation, I decided to take a quick look today at some dark net marketplaces to see if any data were up for sale. Brian Krebs had reported on this issue in January after finding a…
MO: Citizens Memorial Hospital employee data compromised by W-2 phishing
Personal and financial information — gone. Officials say W2 tax forms were mistakenly given to a scammer. And now all workers at Citizens Memorial Hospital are at risk. CMH is not yet saying how many of its workers this impacts. They say everyone who works there and at all of the dozens of locations in…
If you’ve been meaning to remind your employees not to fall for the W-2 phishing scam….
If you’ve been meaning to remind your employees not to fall for the W-2 phishing scam, but just haven’t managed to get around to it yet, consider this report yesterday from Wapack Labs about what they’re seeing in marketplaces on the darkweb: Wapack Labs has identified an actor in the Tor-based markets – we have labeled…
While investigating W-2 phishing scam, company discovers they were scammed last year, too (Updated)
The 2017 W-2 Phishing Victims List continues to grow, and I’m not posting most of them as individual reports, but one news story involving Monarch Beverage Company in Indianapolis deserves special mention because as CBS reports: While investigating this incident, the company discovered the same thing happened in April 2016. A scammer posing as the…