Executive Advisor, Security Communications and Awareness
Ping Look is executive advisor of Optiv’s security communications and awareness group. In this role she specializes in advising, designing and implementing holistic security awareness programs that are scalable and create a lasting culture of security minded behaviors for Optiv’s clientele.
Be on Alert for Phishing Scams during Tax Season!
Once again tax season is upon us, and with it brings increased phishing attempts targeted at obtaining tax information from both for-profit and non-profit organizations. The attackers target personnel who handle employee tax information— HR, finance, accounting and payroll — by posing as high level executives requesting sensitive information belonging to employees such as W-2 forms, earnings statements, salary information, social security numbers and home mailing addresses. Once the attackers have this information, they can file fraudulent tax returns to obtain phony tax refunds.
These attempts might be very obvious or they may be sophisticated. Here are a few helpful hints to help you identify these phishing attempts:
- Verify the identity of the sender: Is the sender email address correct? A simple call to the sender can quickly resolve any suspicions.
- Confirm the legitimacy of the request: Is the person authorized and need to have access to the data they are requesting?
- Analyze the tone and language of the email: Does it match the past correspondence from the sender?
If you receive an email asking for you to send sensitive information, always question the legitimacy and take action to confirm the request. There are very few scenarios when a request for sensitive information would be made in email. If you are not comfortable confirming the request, you can always send a request to your finance and HR departments to verify the request.