Beazley’s Five Tips To Avoid Being “Harpooned” This Tax Season

Beazley’s Five Tips To Avoid Being “Harpooned” This Tax Season
Image source: Pixabay

Hackers are increasingly impersonating company executives in “harpooning” attacks aimed at accessing employee W-2 tax form information. The IRS this month issued a warning to be on the lookout for more of these hacking attempts in the current tax season. Beazley, a leading provider of data breach response insurance, offers these tips to help businesses protect against harpooning attacks:

  1. Trust, but verify – Any unusual requests to send funds or employee information should be confirmed through an alternate communication channel. Criminals can spoof an executive’s email address, and even their typical phrasing and communication patterns to bypass spam filters. Employees receiving unusual requests from executives, vendors or business partners should always follow up with a phone call to confirm. If it’s that important, they will be sure to pick up the phone.
Tax Season
  1. Check your website – Corporate websites often include contact information for top executives and customer-facing personnel, but too much contact information can help scammers target weak links. Conduct a website audit to ensure contact details for lower level employees, especially those in finance, are not available publicly. This can be a big help to thieves trying to target the employees most likely to have wire transfer capabilities.
  2. Watch out for “Out of Band” requests for W-2s – Requests for employee tax information from hackers are a growing threat. These harpooning attempts are the easiest to prevent. An “out of band” request is a request outside of the typical chain of command. There are very few legitimate circumstances when a CEO, CFO or other top executive would request employee W-2 information from a junior employee.
  3. 4Be aware of urgency – Scammers are likely to send requests conveying a great sense of urgency, hoping that an unsuspecting employee will send now, think later. The scammers will make the employee believe they will be reprimanded by a high level executive or headquarters if they do not act on the request immediately. Senior leadership should reinforce the importance of taking the necessary precautions to safeguard employee information and the company itself.
  4. Don’t enable “social sleuthing” – Some scammers will take advantage of executives who publicly post about their vacations or travel plans on social media, and then prey on lower-level employees by sending an email requesting highly sensitive employee information or a wire transfer to a third-party on their behalf. As a best practice, employees of all levels should be careful what they make public on social media.

Katherine Keefe, global head of BBR Services, said: “Hackers are on the grab right now for W-2s, social security numbers and other personal information in order to perpetrate tax fraud. These prevention steps are not difficult to implement, but they do require awareness and vigilance at all levels of an organization. In the case of harpooning for tax information, an ounce of prevention is certainly better than the pound of cure.”

Read the Beazley Breach Insights – January 2017 report.

The Hedge Fund Manager Who Broke Even When Most Other Funds Got Killed

Moez Kassam of Anson FundsWhen investors are looking for a hedge fund to invest their money with, they usually look at returns. Of course, the larger the positive return, the better, but what about during major market selloffs? It may be easy to discount a hedge fund's negative return when everyone else lost a lot of money. However, hedge Read More

About Beazley Breach Response (BBR)

Beazley has helped clients handle more than 5,000 data breaches since the launch of Beazley Breach Response in 2009 and is the only insurer with a dedicated in-house team focusing exclusively on helping clients handle data breaches. Beazley’s BBR Services team coordinates the expert forensic, legal, notification and credit monitoring services that clients need to satisfy all legal requirements and maintain customer confidence. In addition to coordinating data breach response, BBR Services maintains and develops Beazley’s suite of risk management services, designed to minimize the risk of a data breach occurring.

Note to editors:

Beazley plc is the parent company of specialist insurance businesses with operations in Europe, the US, Canada, Latin America, Asia, the Middle East and Australia. Beazley manages six Lloyd’s syndicates and, in 2016, underwrote gross premiums worldwide of $2,195.6 million. All Lloyd’s syndicates are rated A by A.M. Best.

Beazley’s underwriters in the United States focus on writing a range of specialist insurance

products. In the admitted market, coverage is provided by Beazley Insurance Company, Inc., an A.M. Best A rated carrier licensed in all 50 states. In the surplus lines market, coverage is provided by the Beazley syndicates at Lloyd’s.

Beazley is a market leader in many of its chosen lines, which include professional indemnity, property, marine, reinsurance, accident and life, and political risks and contingency business.

For more information please go to:

Updated on

Sheeraz is our COO (Chief - Operations), his primary duty is curating and editing of ValueWalk. He is main reason behind the rapid growth of the business. Sheeraz previously ran a taxation firm. He is an expert in technology, he has over 5.5 years of design, development and roll-out experience for SEO and SEM. - Email: sraza(at)
Previous article Millennials: Desire For More Employment Perks
Next article Gmail On Android Adds Support For Payments

No posts to display