Beware: Fraudulent W-2 Emails Ahead

Tax season is upon us and spammers are taking full advantage of the situation. Reports of fraudulent emails that appear to come from the IRS are popping up. The email states that all employers need to complete the attached W-2 update form. Unfortunately, the attachment contains a remote administration tool that allows the attacker to execute commands on the system.

The malicious file is named W2-Form and has various file extensions including .rtf, .pdf, and ,.doc.

While this attack targets employers, I suspect that the next wave will target employees. Possible scenarios include malicious attachments as described above and directing employees to fake corporate websites.
Employers should notify their employees of how W-2 information will be delivered and warm them of possible fraudulent emails. For more information on reporting these types of malicious emails visit

http://www.irs.gov/privacy/article/0,,id=179820,00.html

KeePass Password Safe

Are you looking for a free and easy to use password safe? Be sure to check out KeePass. It’s a great open source product that will place all of your passwords in a database which is locked with a secure key or key file.

The result? You only need to remember one password instead of hundreds.

Some key features include:

  • Full database encryption; not just the passwords
  • Portability- It can be placed on a USB stick
  • Multiple key support- A key file can be used (which can be carried with you), a password can be used, or a combination of both!
  • It’s not just for Windows. Ports are available for Linux, OS X, Blackberry, PalmOS, and many more

Want to learn more? Check out their site at http://keepass.info/