Threat Intel
New Phishing Scams Targeting HR Departments
Cybercriminals are increasingly targeting HR departments near tax season. A sophisticated new campaign involves fake W-2 requests.
By SecureBusinessHub Editorial, International cybersecurity desk — · 4 min read
Cybercriminals are running targeted campaigns against HR departments around tax season. The current wave involves fake W-2 requests.
How the scam works
Emails appear to come from the CEO or CFO, requesting immediate access to W-2 forms for all employees. The spoofing is convincing: look-alike domains or, in some cases, compromised internal accounts.
Business email compromise (BEC)
BEC is the expensive version of phishing. Unlike generic spam, a BEC attack is researched. The attacker may have spent weeks monitoring an executive's social media or watching a vendor email thread, waiting for the right moment to inject a fake invoice or payroll change request. It bypasses most technical filters because it uses social authority rather than malware.
Red flags to watch for
- Urgent requests for sensitive data ("Need this ASAP for audit").
- Slightly misspelled domain names (corpporation.com vs corporation.com).
- Requests to bypass standard procedures or send files to personal email addresses.
Out-of-band verification protocols
The fix for sophisticated phishing isn't new software. It's a process. Every request for sensitive data or financial changes should be confirmed by calling the person on a known number or speaking to them in person. Never use contact information from the suspicious email. That one rule, consistently applied, kills most BEC risk.
Read more about spotting deepfakes in our AI Phishing Guide.