Home » Security » W-2 spear-phishing campaign: Don’t get caught!

W-2 spear-phishing campaign: Don’t get caught!

Duke’s IT Security Office received several reports of a new spear-phishing campaign targeting Duke employees in Finance and HR. In the examples that were received, the phishing email appears to come from a high-level administrator (“President Brodhead” in one case and “Sally Kornbluth” in another) and requests PDF copies of Duke W-2’s for 2016. An example is available on the Duke IT Secuity Website: https://security.duke.edu/news-alerts/w-2-request-scam-employees-2016-and-others.

This type of phishing scam is very common during tax season: https://www.irs.gov/uac/newsroom/irs-states-and-tax-industry-renew-alert-about-form-w2-scam-targeting-payroll-human-resource-departments.

Leave a comment

Your email address will not be published. Required fields are marked *