Criminals have been actively targeting tax information that can be used to file fraudulent returns, according to CSO Online.
In the first few months of 2016, dozens of businesses have come under spear phishing attacks seeking employee tax data, as observed by the publication's investigators.
As well, early this month, the Internal Revenue Service issued an alert to payroll and HR professionals about the growing trend of BEC (business email compromise/correspondence) attacks targeting W-2 and other tax related data.
Many of these attacks disguise themselves as coming from the CEO or CFO, duping employees into lowering their guard. But, CSO said, awareness campaigns will do little to defend against this strategy. Rather, more pertinent is empowering individuals to recognize suspicious correspondence, whether seemingly from an authority or not, and motivating them to alert appropriate members of the staff.
As well, the article stated, policies need to be implemented to require validation from a second person when it comes to financial data.