{"id":7026,"date":"2017-03-17T16:17:21","date_gmt":"2017-03-18T00:17:21","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/03\/17\/news-817\/"},"modified":"2017-03-17T16:17:21","modified_gmt":"2017-03-18T00:17:21","slug":"news-817","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/03\/17\/news-817\/","title":{"rendered":"Govt. Cybersecurity Contractor Hit in W-2 Phishing Scam"},"content":{"rendered":"<p><strong>Credit to Author: BrianKrebs| Date: Fri, 17 Mar 2017 22:02:02 +0000<\/strong><\/p>\n<p>Just a friendly reminder that phishing scams which spoof the boss and request W-2 tax data on employees are intensifying as tax time nears. The latest victim shows that even cybersecurity experts can fall prey to these increasingly sophisticated attacks.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-37128\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2016\/12\/athook.png\" alt=\"athook\" width=\"152\" height=\"294\" \/>On Thursday, March 16, the CEO of <strong>Defense Point Security, LLC\u00a0<\/strong>&#8212; a Virginia company that bills itself as &#8220;the choice provider of cyber security services to the federal government&#8221; &#8212; told all employees that their W-2 tax data was handed directly to fraudsters after someone inside the company got caught in a phisher&#8217;s net.<\/p>\n<p>Alexandria, Va.-based\u00a0<a href=\"https:\/\/defpoint.com\/\" target=\"_blank\">Defense Point Security<\/a>\u00a0(recently acquired by management consulting giant <strong>Accenture<\/strong>) informed current and former employees this week via email that all of the data from their annual W-2 tax forms &#8212; including name, Social Security Number, address, compensation, tax withholding amounts &#8212; were snared by a targeted spear phishing email.<\/p>\n<p>&#8220;I want to alert you that a Defense Point Security (DPS) team member was the victim of a targeted spear phishing email that 
resulted in the external release of IRS W-2 Forms for individuals who DPS employed in 2016,&#8221; Defense Point <strong>CEO George McKenzie<\/strong> wrote in the email alert to employees. &#8220;Unfortunately, your W-2 was among those released outside of DPS.&#8221;<\/p>\n<p>W-2 scams start with spear phishing emails usually\u00a0directed at finance and\u00a0HR\u00a0personnel. The scam emails will spoof a request from the organization\u2019s CEO (or someone similarly high up in the organization) and request all employee W-2 forms.<\/p>\n<p>Defense Point did not return calls or emails seeking comment. An Accenture spokesperson issued the following brief statement: \u00a0&#8220;Data protection and our employees are top priorities. Our leadership and security team are providing support to all impacted employees.\u201d<\/p>\n<p>The email that went out to Defense Point employees Thursday does not detail when this incident occurred, to whom the information was sent, or how many employees were impacted.\u00a0But a review of information about the company on <strong>LinkedIn<\/strong> suggests the breach letter likely was sent to around 200 to 300 employees nationwide (if we count past employees also).<\/p>\n<p>Among Defense Point&#8217;s more sensitive projects\u00a0is the <strong>U.S.<\/strong>\u00a0<strong>Immigration and Customs Enforcement\u00a0<\/strong>(ICE) Security Operations Center (SOC) based out of Phoenix, Ariz. 
That SOC handles cyber incident response, vulnerability mitigation, incident handling and cybersecurity policy enforcement for the agency.<\/p>\n<p>Fraudsters who perpetrate tax refund fraud prize W-2 information because it contains virtually all of the data one would need to fraudulently file someone\u2019s taxes and request a large refund in their name.\u00a0Scammers in tax years past also have\u00a0<a href=\"http:\/\/krebsonsecurity.com\/2014\/04\/tax-fraud-gang-targeted-healthcare-firms\/\" target=\"_blank\">massively phished\u00a0online payroll management account credentials<\/a> used by corporate HR professionals. This year, they are going after <a href=\"https:\/\/krebsonsecurity.com\/2017\/01\/shopping-for-w2s-tax-data-on-the-dark-web\/\" target=\"_blank\">people who run tax preparation firms<\/a>, and W-2&#8217;s are now being openly sold in underground cybercrime stores.<\/p>\n<p>Tax refund fraud affects hundreds of thousands, if not millions, of U.S. citizens annually. Victims usually first learn of the crime after having their returns rejected because scammers beat them to it. Even those who are not required to file a return can be victims of refund fraud, as can those who are not actually due a refund from the IRS.<span id=\"more-38635\"><\/span><\/p>\n<h4>ANALYSIS<\/h4>\n<p>I find it interesting that a company which obviously handles extremely sensitive data on a regular basis and one that manages a highly politicized government agency would not anticipate such attacks and deploy some kind of <a href=\"https:\/\/en.wikipedia.org\/wiki\/Data_loss_prevention_software\" target=\"_blank\">data-loss prevention<\/a> (DLP) technology to stop sensitive information from leaving their networks.<\/p>\n<p>Thanks to their mandate as an agency, ICE is likely a high risk target for hacktivists and nation-state hackers. This was not a breach in which data was exfiltrated through stealthy means; the tax data was sent by an employee openly through email. 
This suggests that either there were no DLP technical controls active in their email environment, or they were inadequately configured to prevent information in SSN format from leaving the network.<\/p>\n<p>This incident also suggests that perhaps Defense Point does not train their employees adequately in information security, and yet they are trusted to maintain the security environment for a major government agency. This from a\u00a0company that sells\u00a0<a href=\"https:\/\/defpoint.com\/services\/cyber-security-ed-training\" target=\"_blank\">cybersecurity education and training<\/a>\u00a0as a service to others.<\/p>\n<h4>DON\u2019T BE THE NEXT VICTIM<\/h4>\n<p>While there isn&#8217;t a great deal you can do to stop someone at your employer from falling for one of these W-2 phishing scams, here are some steps you can take to make it less likely that you will be the next victim of tax refund fraud:<\/p>\n<p><strong>-File before the fraudsters do it for you<\/strong>\u00a0\u2013 Your primary defense against becoming the next victim\u00a0is to file your taxes at the state and federal level as quickly as possible. Remember, it doesn\u2019t matter whether or not the IRS owes you money: Thieves can still try to impersonate you and claim that they do, leaving you to sort out the mess with the IRS later.<\/p>\n<p><strong>-Get on a schedule to request a free copy of your credit report.<\/strong> By law, consumers are entitled to a free copy of their report from each of the major bureaus once a year. Put it on your calendar to request a copy of your file every three to four months, each time from a different credit bureau. Dispute any unauthorized or suspicious activity. 
This is where credit monitoring services are useful: Part of their service is to help you sort this out with the credit bureaus, so if you\u2019re signed up for credit monitoring, make them do the hard work for you.<\/p>\n<p><strong>-File form 14039 and request an IP PIN from the government.<\/strong> This form requires consumers to state they believe they\u2019re likely to be victims of identity fraud. Even if thieves haven\u2019t tried to file your taxes for you yet, virtually all Americans have been touched by incidents that could lead to ID theft \u2014 even if we just look at breaches announced in the past year alone.<\/p>\n<p><strong>-Consider placing a \u201csecurity freeze\u201d on one\u2019s credit files with the major credit bureaus.<\/strong> See <a href=\"http:\/\/krebsonsecurity.com\/2015\/06\/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze\/\" target=\"_blank\">this tutorial<\/a> about why a security freeze &#8212; also known as a &#8220;credit freeze&#8221; &#8212; may be more effective than credit monitoring in blocking ID thieves from assuming your identity to open up new lines of credit. While it\u2019s true that having a security freeze on your credit file won\u2019t stop thieves from committing tax refund fraud in your name, it would stop them from fraudulently obtaining your IP PIN.<\/p>\n<p><strong>-Monitor, then freeze.<\/strong> Take advantage of any free credit monitoring available to you, and then freeze your credit file with the four major bureaus. 
<a href=\"http:\/\/krebsonsecurity.com\/2015\/06\/how-i-learned-to-stop-worrying-and-embrace-the-security-freeze\/\" target=\"_blank\">Instructions for doing that are here<\/a>.<\/p>\n<p><a href=\"https:\/\/krebsonsecurity.com\/2017\/03\/govt-cybersecurity-contractor-hit-in-w-2-phishing-scam\/\" target=\"bwo\" >https:\/\/krebsonsecurity.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2016\/12\/athook.png\"\/><\/p>\n<p><strong>Credit to Author: BrianKrebs| Date: Fri, 17 Mar 2017 22:02:02 +0000<\/strong><\/p>\n<p>Just a friendly reminder that phishing scams which spoof the boss and request W-2 tax data on employees are intensifying as tax time nears. The latest victim shows that even cybersecurity experts can fall prey to these increasingly sophisticated attacks.    On Thursday, March 16, the CEO of Defense Point Security, LLP &#8212; a Virginia company that bills itself as &#8220;the choice provider of cyber security services to the federal government&#8221; &#8212; told all employees that their W-2 tax data was handed directly to fraudsters after someone inside the company got caught in a phisher&#8217;s 
net.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10642],"tags":[11670,11671,11672,11673,11674,11675,10644,11676,11165,11677,11190],"class_list":["post-7026","post","type-post","status-publish","format-standard","hentry","category-independent","category-krebs","tag-accenture","tag-data-loss-prevention","tag-defense-point-security","tag-dlp","tag-george-mckenzie","tag-ip-pin","tag-other","tag-security-freeze","tag-tax-refund-fraud","tag-u-s-immigration-and-customs-enforcement","tag-w-2-phishing"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7026","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7026"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7026\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7026"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7026"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7026"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}