publications full of ideas
Don't Bite!
Shorts On Long Term Care March 2017

1.18.2017

In early February, the IRS issued “an urgent alert” concerning the latest version of the phishing scam that targets W-2 payroll information. In a scenario that has played out countless times, hackers generate a fraudulent email that looks like it came from an organization executive, asking HR personnel to send back employee W-2 forms in a return message. When the forms are sent, they are used to file fraudulent tax returns and for other malicious purposes. This particular scam generally works as follows:

An employee in the targeted organization’s HR department receives a “spoofed” email, which superficially appears to come from a high-ranking member of management;

The spoofed email asks the employee to respond with electronic copies of the previous year’s W-2 earnings statements (which will include employees’ social security numbers, compensation information and home addresses) for all of the organization’s employees; and

The employee, believing that he or she is being responsive to a request from senior management, replies to the spoofed email with the requested tax information.

While all “social engineering” scams seek to find and exploit human weaknesses in order to gain access to sensitive information, this scam is brilliantly cynical: it exploits the imbalance of power between senior management and subordinate personnel by inducing a sense of urgency and desire-to-please with the goal of overwhelming the subordinate’s ability to think critically about the information request. Like any good card trick, the spoofed email creates a psychological distraction that blinds the recipient to the sleight of hand taking place right before his or her eyes.

The consequences of a successful W-2 phishing scam can be extremely serious for the target. Data breach notification laws may require delivery of notices to affected employees, government agencies, credit reporting agencies and/or the media. The organization will also need to report the incident to local and federal law enforcement agencies, as well as the IRS. In short, it will be a costly, time-consuming, distracting and morale-draining experience to deal with the aftermath of a W-2 phishing scam.

In its February alert, the IRS emphasized this scam has begun circulating even earlier this year and is targeting a broader group of organizations including school districts, chain restaurants, and health care organizations. IRS Commissioner John Koskinen called it “one of the most dangerous email phishing scams we’ve seen in a long time.” He stressed the need for vigilance and prompt reporting of incidents to the IRS, by forwarding these messages to phishing@irs.gov, under the subject line “W2 scam.”

As always, the first line of defense against every scam is workforce training and vigilance. In addition to sensitizing personnel to this and other phishing dangers, the IRS recommends organizations adopt a formal written policy about the distribution of W-2 information and other sensitive data. We recommend adopting a general policy triggered whenever an employee gets a request for any sensitive data from a colleague, requiring the employee to start a new email to the purported originator of the message, and never reply directly to the email. You can see the IRS alert on this subject here

Physical Address: 301 Fayetteville Street, Suite 1900, Raleigh, NC 27601

what's new at the firm

Two Poyner Spruill Attorneys Help Work for Tomorrow through Mentor Program at UNC Law

2/20/2018

RALEIGH, NC – Founded in 2016, the McIntyre-Whichard Legal Fellows Program is now in its second year of existence at the University of North Carolina School of Law. The program was founded by two UNC Law School alums and is co-sponsored by the North Carolina Study Center and the UNC Christian Legal Society. The program is named after Poyner Spruill partner and former U.S. Congressman Mike McIntyre and former N.C. Supreme Court Justice Willis Whichard, who are both alums of the university and serve as program mentors.

Poyner Spruill Diversity Committee to host panel discussion with key leaders in the legal field to celebrate Black History Month

2/12/2018

The Poyner Spruill Diversity Committee is celebrating Black History Month by hosting an intimate panel discussion with key leaders who have been successful in the legal field.

Twenty-three Poyner Spruill Attorneys Honored by Super Lawyers in 2018

2/5/2018

RALEIGH, NC – Poyner Spruill is pleased to announce that 16 of its attorneys have been recognized as 2018 North Carolina Super Lawyers and 7 were named as 2018 North Carolina Rising Stars by North Carolina Super Lawyers Magazine.

Poyner Spruill’s Client Service & Strategy Manager to Present at the 2018 Festival of Legal Learning

1/23/2018

RALEIGH, NC – Poyner Spruill’s Manager of Client Service & Strategy, Brandi Hobbs, has been invited to present at the University of North Carolina School of Law’s 2018 Festival of Legal Learning. The festival will take place February 9-10 at The William & Ida Friday Continuing Education Center in Chapel Hill.

Poyner Spruill files amicus brief with U.S. Supreme Court on behalf of European business organizations

1/12/2018

RALEIGH, NC — Led by partner Saad Gul, the law firm of Poyner Spruill LLP filed an amicus curiae brief on behalf of five European business organizations, asking the U.S. Supreme Court to uphold a lower court’s ruling preventing officials from accessing specific private emails housed on a server in Ireland.