And again with the W2s. This time it was the city of San Marcos that got scammed out of W2s. This impacts every city employee, about 800 of them and was only discovered after city employees found that their taxes had already been filed. As usual this was due to a phishing scam similar to the CEO Fraud emails (a.k.a. Business Email Compromise) which targets money transfers. Unfortunately, when a W2 is lost, it impacts the employee for a long time afterword.
To counter this, you need to train folks that have access to, or work with this sort of data to be very cautious what they send and to whom. When dealing with large amounts of money or sensitive data, it’s a good idea to implement a policy that requires a phone conversation (not recorded call) before sending anything.
Erich Kron is the Security Awareness Advocate at KnowBe4, and has over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the US Army 2nd Regional Cyber Center-Western Hemisphere.