Technology Blog »

Employee Social Security Number Email Scam

W2 Social Security # Scam

A Warning About an EMail Scam Requesting a list of W2 Employee Social Security Numbers

There is a new twist or variation on an old email scam that has the potential to cause a catastroPHIc security breach for businesses on the rise this tax season, the scary thing is that it only takes one employee to make this common mistake.

You have seen some of our blog posts about emails that come from a CFO or President of a company requesting  monies to be transferred to an account ASAP

This email scam has similar characteristics in that it typically comes from an email address resembling the President or CFO of the company and will have one or two indiscernible characters changed. However, this request asks the recipient to send all active W-2's to them for one reason or another.

Unfortunately, there aren't the usual “Red Flags” such as links or attachments included in the email, this time it is just waiting for a user to reply and we typically don't have our guard up around something so simple as W2's but they do contain employee's Social Security #'s.

If the recipient falls victim to this mistaken identity, within a few short minutes, they have just emailed someone outside of their company the personal information of all of their employees. This information includes each employees’ full name and Social Security number which would in most cases cause a major liability for your employees and your company. 

How Can You Prevent this?

  • Educate your staff on the importance of being vigilant especially with email security.
     
  • Pay attention to any email that is requesting any financial or personal information.
     
  • Never use email to send a Social Security Number!
     
  • Use secure sending solutions like http://send.dcsny.com to encrypt sensitive data.  DCS provides Send as a free service to our clients.
     
  • Before sending any information, follow up with the sender with a phone call to ensure that the request is legitimate.
     
  • Invest in an email monitoring solution which has a data leak prevention functionality.
     
  • Implement a strong AntiSpam Solution to help mitigate the threat of email phishing scams however understand that no antispam solution is 100%

 

if you want to have a conversation about email safety feel free to give us a call.  We are always here for our clients and those who may want to become clients.