Tech Tip: Encryption and Vigilance Can Prevent Identity Theft

We’re seeing a new variant of an old scam. Here’s how it plays out: an administrative assistant gets an e-mail from her boss – who’s traveling – to please send him scanned copies of all the W2 tax forms the company issued at the end of January – ASAP!

The message appears to come directly from her manager. It includes what looks like his actual e-mail address when she views it in Outlook. Her suspicion is aroused, however, because she just talked to her boss on the phone that morning, and he never mentioned needing such information. Before she collects the W2 PDFs on the HR drive, she decides to text her boss and check on it.

Great catch! The boss never requested that information. Had the administrative assistant not been proactive and just completed the task assigned to her, she would have given the scammer all the confidential information on the federal W2 forms for every employee in her firm! The scammer likely would have used the information to commit identity theft and/or file false returns the next year to claim the refund.

Always be vigilant and proactive – it’s better to be suspicious and to double-check everything when dealing with confidential information. Try to use encrypted e-mail for all such details, or at a minimum set a password to limit access to the files (and don’t include the password in the body of the e-mail!) The few extra minutes it takes for these security precautions could save months of heartache for all of your employees.

Alan Edwards, CISM, is chief information officer at Computerware, Inc., in Vienna, Virginia.

tagscomputer safetyencryptionpasswordsscammervigilance