Blog

Say NO to Stealing Sensitive Information by Phishing
Cybersecurity Data breach Insider threat

Say NO to Stealing Sensitive Information by PhishingJust a few days after the IRS released it’s warning about W-2 phishing, it appears the College of Southern Idaho (CSI) reported that 3,000 employees’ personal information may have been compromised by a phishing scam.

The attackers are now expanding their sights into higher education according to a recent article by Paul Greene, an attorney at Harter Secrest & Emery.  Given the large number of employees, including seasonal employees, community education instructors and people who work for auxiliary agencies, these institutions are great sources of sensitive information and money.  In this case, someone impersonating a CSI administrator sent an email to an employee requesting W-2 information for all school employees over the past two years.

How to Fight the Latest Phishing Scams
Cybersecurity Data breach Insider threat

How to Fight the Latest Phishing ScamsThe more things change, the more they stay the same, unfortunately.  Paul Greene, an attorney at Harter Secrest & Emery, in a recent blog post mentioned a new IRS warning about the reappearance of phishing scams targeting W-2 information.  Companies have lost thousands of dollars in email compromise attacks that first steal W-2s and then attempt wire transfer frauds.

This is nothing new, of course, with the IRS having issued the same form of warning around this time last year.  But it is tax season and the scammers, fraudsters and hackers decided to get a jump on things this year.

In recent years, the criminals targeted corporations, but this year they are casting a wider net, potentially affecting schools, non-profits, restaurants, healthcare providers, and tribal organizations.  This is a classic case of targeting organizations that may not have the best security, since they have not been victims in the past.  Those organizations affected in recent years have hardened their defenses, but now the scammers are going after the next tier.  They also may be going after the supply chain of some of the companies targeted in the past.  After all it’s easier to attack a small service provider than to attack a large bank or manufacturing company.