Duke’s IT Security Office received several reports of a new spear-phishing campaign targeting Duke employees in Finance and HR. In the examples that were received, the phishing email appears to come from a high-level administrator (“President Brodhead” in one case and “Sally Kornbluth” in another) and requests PDF copies of Duke W-2s for 2016. An example is available on the Duke IT Security website: https://security.duke.edu/news-alerts/w-2-request-scam-employees-2016-and-others.
This type of phishing scam is very common during tax season: https://www.irs.gov/uac/newsroom/irs-states-and-tax-industry-renew-alert-about-form-w2-scam-targeting-payroll-human-resource-departments.