Other ways to search: Events Calendar | UTHSC

Cybersecurity Scam of the Week – W-2 Scams


The W-2 form, which details an employee’s earnings and withholdings, is a gold mine of information. Employees need this information to file income taxes each year. Because of that, scammers use different schemes to get information or get recipients to download malware.

Many W-2s are now delivered electronically, either as a PDF file or a link to an HR site, such as IRIS, where people can view and download the file. So the first scam is the tried and true method of getting someone to click on an attachment or a link thinking they are getting to their W-2. What they could be clicking on is malicious and used to download malware or go to an unprotected site to gather login credentials.

The second scam is the bold scammer that tries for everyone’s information, not just an individual. This type actually happened four years ago with the Tipton County school system. An employee got an email supposedly from the superintendent asking for employee’s W-2 and other sensitive information. The employee sent the scammer the information of nearly 2,000 coworkers.

There are many variations of these scams.

To combat these phishing attempt, use the same methods you have been taught to identify a phish:

  • sense of urgency (you need to open this NOW)
  • unknown sender
  • email address does not match the name
  • UTHSC business that had [Ext] in the Subject line, letting you know it is coming externally
  • the To: field isn’t just to you, but either a group of has the name of the sender

For more information about phishing emails, check out the Office of Cybersecurity’s webpage.

What has been reported to abuse@uthsc.edu this week?

  • [Ext] Task Request – from a Gmail account, spoofing the name of someone at UTHSC, wanting to know if someone was free to do a task. The classic start to a gift card scam.
  • [Ext] Status Confirmation for your 2 items with ID# – this is an Amazon.com spoof, stating the person purchased a $1,400 TV, billed to a credit card and shipped to Las Vegas. (Wouldn’t that capture your attention and get you to react?)
  • [Ext] Wednesday, February 17th, 2021 – a generic subject line to get though the spam filters, an “urgent” email that a person’s password is about the expire.
  • [Ext] Payment from your account – a sextortion scheme, trying to embarrass the recipient to pay bitcoin to keep “secrets”.

Keep reporting suspicious emails to abuse@uthsc.edu for examination and any other inquiries for the Office of Cybersecurity should be directed to itsecurity@uthsc.edu.