As regular readers know by now, DataBreaches.net has been compiling reported instances of W-2 phishing scams. As part of that investigation, I decided to take a quick look today at some dark net marketplaces to see if any data were up for sale. Brian Krebs had reported on this issue in January after finding a…
Category: Phishing
MO: Citizens Memorial Hospital employee data compromised by W-2 phishing
Personal and financial information — gone. Officials say W2 tax forms were mistakenly given to a scammer. And now all workers at Citizens Memorial Hospital are at risk. CMH is not yet saying how many of its workers this impacts. They say everyone who works there and at all of the dozens of locations in…
If you’ve been meaning to remind your employees not to fall for the W-2 phishing scam….
If you’ve been meaning to remind your employees not to fall for the W-2 phishing scam, but just haven’t managed to get around to it yet, consider this report yesterday from Wapack Labs about what they’re seeing in marketplaces on the darkweb: Wapack Labs has identified an actor in the Tor-based markets – we have labeled…
While investigating W-2 phishing scam, company discovers they were scammed last year, too (Updated)
The 2017 W-2 Phishing Victims List continues to grow, and I’m not posting most of them as individual reports, but one news story involving Monarch Beverage Company in Indianapolis deserves special mention because as CBS reports: While investigating this incident, the company discovered the same thing happened in April 2016. A scammer posing as the…
With at least 23 incidents and 29,000 victims, the W-2 phishing season is in full swing
Over on Salted Hash, Steve Ragan has also been compiling data on victims of business email compromise (BEC) W-2 phishing scams. BEC W-2 phishing scams are the scams where someone poses as an executive of your organization and sends you an email from an address that at first glance might appear to be real. Their email…
Victims of W-2 phishing scams (2017 list)
— The list of entities reporting that employee W-2 data was acquired by phishing.– Last year, this site compiled 145 W-2 phishing incidents before I somewhat waved a white flag in terms of trying to keep up, but as I started working on this year’s list, I found even more cases from 2016, bringing the 2016…