And again with the W2s. This time it was the city of San Marcos that got scammed out of W2s. This impacts every city employee, about 800 of them, and was only discovered after city employees found that their taxes had already been filed. As usual, this was due to a phishing scam similar to the CEO Fraud emails (a.k.a. Business Email Compromise) which targets money transfers. Unfortunately, when a W2 is lost, it impacts the employee for a long time afterward.
To counter this, you need to train folks that have access to, or work with, this sort of data to be very cautious about what they send and to whom. When dealing with large amounts of money or sensitive data, it’s a good idea to implement a policy that requires a phone conversation (not a recorded call) before sending anything.
Erich Kron, Security Awareness Advocate at KnowBe4, is a veteran information security professional with over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the 2nd Regional Cyber Center-Western Hemisphere and holds CISSP, CISSP-ISSAP, MCITP and ITIL v3 certifications, among others. Erich has worked with information security professionals around the world to provide the tools, training and educational opportunities to succeed in InfoSec.