If you’ve been meaning to remind your employees not to fall for the W-2 phishing scam, but just haven’t managed to get around to it yet, consider this report yesterday from Wapack Labs about what they’re seeing in marketplaces on the darkweb: Wapack Labs has identified an actor in the Tor-based markets – we have labeled…
Category: Phishing
While investigating W-2 phishing scam, company discovers they were scammed last year, too (Updated)
The 2017 W-2 Phishing Victims List continues to grow, and I’m not posting most of them as individual reports, but one news story involving Monarch Beverage Company in Indianapolis deserves special mention because as CBS reports: While investigating this incident, the company discovered the same thing happened in April 2016. A scammer posing as the…
With at least 23 incidents and 29,000 victims, the W-2 phishing season is in full swing
Over on Salted Hash, Steve Ragan has also been compiling data on victims of business email compromise (BEC) W-2 phishing scams. BEC W-2 phishing scams are the scams where someone poses as an executive of your organization and sends you an email from an address that at first glance might appear to be real. Their email…
Victims of W-2 phishing scams (2017 list)
— The list of entities reporting that employee W-2 data was acquired by phishing.– Last year, this site compiled 145 W-2 phishing incidents before I somewhat waved a white flag in terms of trying to keep up, but as I started working on this year’s list, I found even more cases from 2016, bringing the 2016…
Russian hackers behind attempted Polish foreign ministry hack: report
Radio Poland reports: A hacking attempt in December on the computer servers of the Polish Foreign Ministry was likely the work of Russian hackers, according to the Rzeczpospolita daily. The alleged hackers were part of the APT28 group, also known as the Fancy Bear cyber espionage group, which experts identify as being associated with the…
WY: Hospital scammed for employee information (updated with other W-2 phishing incidents)
Update Feb. 2, 2017: The list for 2017 has been moved to its own post that will be updated as more incidents are reported. Original post: First it was Dracut Schools. Then it was Tipton County Schools and then Odessa School District whose employees had their SSN and information from W-2 forms acquired by criminals in phishing…