The IRS recently announced that a Form W-2 phishing scheme is now targeting many not-for-profit organizations. Human resources departments in school districts, tribal governments and other not-for-profit organizations have reported receiving bogus emails asking for their employees’ W-2 tax information. For-profit companies have also reported suspicious W-2 related emails, which are similar to scams reported in 2016.
Email phishing is a form of social engineering that cybercriminals use to access your organization’s secure network or personally identifiable information. Cybercriminals use various spoofing techniques to create emails that look legitimate and manipulate users into responding or providing key pieces of information to unauthorized users.