Think twice before getting caught up in the latest email phishing scam
by Stefani Laszko

On February 2, 2017 the IRS issued an urgent alert regarding a new email phishing scam involving W-2s. According to Forbes online, this scam has already claimed 29,000 victims across multiples sectors. This particular scam is even more evolved; phishing coupled with executive fraud and wire transfers. Though these reports have become a frequent occurrence, if you simply remain diligent to a few rules your chances of causing a breach are significantly decreased.

This particular scam takes the traditional email phishing scams to a new level in that it involves business executive impersonation and wire fraud in relation to your company’s distribution of W-2’s. Before you start thinking “I’m too small, this will never happen to me, etc.” let me tell you we have seen both of these individual types of scams multiple times within our client base. If you have data, you’re not too small and frankly, a breach will cost you more than your bigger competitors.

Traditional Email Phishing – Though we have covered this a handful of times in different articles it’s important that we keep this information top of mind. These strikes normally arrive in your inbox with a malicious attachment or a prompt to a web link. The easiest way to distinguish if an attachment is safe or malicious is to look at the file extension – the three letters that follow the period at the end of the file name. According to Microsoft, .exe, .com, .pif, .bat and .scr are the most common file name extensions that may contain a dangerous file. Sometimes the extensions are not viewable by default. If that is the case on your computer, you can enable them by going to Control Panel > File and Folder Options > Hide Extensions for Known File Types (uncheck this item.) Also, be very wary of attachments with two extensions, such as pdf.exe. The only file extension that matters is the last one and it is extremely rare to have two file names, it is probably someone trying to trick you into thinking a file is safe. If you received an email with a hyperlink in the body, hover over it and look closely to the web address to see if it matches the rest of the email. These 2 checks alone can save you from a phishing attack.

Executive Fraud – Some phishing emails are getting so advanced that they appear to be sent from an executive from your company or a partner/vendor company you do business with. We’ve seen 2 instances of this type of fraud in the last six months. Fortunately, the receiver of the email was tipped off that something didn’t seem right as the email body just didn’t “sound” like something the executive would write. A simple phone call confirmed the recipient’s hunch and a crisis was averted.

Wire Fraud – Now this is a scary one. The “executive” in the fraud reference above asks for a wire transfer to be done. We have actually seen this occur but thankfully for our client the bank questioned it and they were able to recover their money. If your business frequently deals with wires you must have a multi-step procedure in place to stop any potential attacks.

Once again, this new threat combines these methods to try and catch you off guard and is timed right at the start of tax season. The perpetrators are trying to fool your staff into releasing your information or sending money so that you don’t mess with the IRS. “This is one of the most dangerous email phishing scams we’ve seen in a long time,” IRS Commissioner John Koskinen said. “Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars.” If you come across anything suspicious the IRS is requesting that you email and place “W2 Scam” in the subject line and remember the tips above. Just a few extra minutes looking over an email before you respond, clink a link or open an attachment can save you exponentially.

Mythos Technology is an IT consulting and management firm. For more information, please visit or call (951) 813-2672.