CEO W2 Request Scam

Cyber criminals want access to sensitive data. But rather than a brute-force attack to get it, they’ve figured out its much easier to simply go after users that already have access to the data. One scheme that’s popping up everywhere in the last few weeks is the CEO W2 Request Scam.

This appears as a phishing attack directed at someone in HR or Finance that has already access to this information. The individual receives an email with a spoofed sender address of the CEO (faked address) asking if they would ‘kindly forward PDF copies of all W2s’. It might even be followed up with a text message or another email and sometimes an additional request to have money wired somewhere.

W2s are selling for between $4 and $20 out on the Dark Web. The information on the W2s is used to file bogus tax returns, open financial accounts, apply for loans and credit cards, etc. And once this information is out, there’s no getting it back. It’s a major, long-term headache for anyone affected. And small and large companies are being hit, so no one is immune.

So tell your users to be careful and remember to not send personal or financial information via email and if they are ever unsure, stop and pick up the phone and verify any requests for information that are unusual or uncharacteristic.