W-2 Related Phishing Scams

As the IRS tax filing deadline approaches, Information Security would like to remind everyone, and especially those with financial responsibilities, to stay vigilant to opportunistic phishing scams. According to the Texas Department of Information Resources, an increased number of data breaches from successful W-2 related phishing scams has been observed. The W-2 scam uses email to impersonate a high-ranking official and requests employee W-2 information from finance or human resource staff.

Here are some tips to share on how to determine if an email is phishing or not:

1. Phishing messages are often use poor grammar or spelling and convey a sense of urgency or warn of dire consequences.

2. Use the “hover to discover” method to hover the mouse – without clicking – over links or email addresses to reveal where they really lead.

3. Verify the sender of the message. Messages that seem out of place, but claim to come from a university employee should be confirmed by directly contacting the individual involved, either through a phone call, or a new email thread.

Suspicious emails should be forwarded as an attachment to ITSS Information Security.