Scammers are conning HR personnel into providing access to employees’ W2s

Scammers have found yet another angle in illegally obtaining sensitive personal information. Rather than simply targeting random people and harassing them with robocalls posing as the IRS, fraudsters have decided that contacting the human resource personnel of large companies — often using company stationery and signing off with the names of company CEOs and CFOs — is far more lucrative. Apparently, they’re focusing on the “scare factor” by intimidating such personnel into handing over all manner of employee information, including W2 records. Afraid to verify the authority of these requests, the HR personnel give these scammers what they want. It’s believed by authorities that these requests are most likely are being sent by Eastern European hacker groups planning to sell the information or claim fraudulent tax refunds. Welcome to the latest great tax season scam!

Two companies which have been attacked have been Seagate Technology and Snapchat — no doubt there are others, but they aren’t eager to expose their individual HR departments’ naivete. It is, after all, rather embarrassing to admit to such security protocol breaches, and according to this article employers are trying to perform damage control by offering “free credit monitoring” for compromised employees. Too little, too late.

The scam, which involved fake emails purportedly sent by top company officials, convinced the companies involved to send out W-2 tax forms that are ideal for identity theft. For instance, W-2 data can easily be used to file bogus tax returns and claim fraudulent refunds.

The embarrassing breakdowns have prompted employers to apologize and offer free credit monitoring to employees. Such measures, however, won’t necessarily shield unwitting victims from the headaches that typically follow identity theft.

“This mistake was caused by human error and lack of vigilance, and could have been prevented,” Seagate’s chief financial officer, Dave Morton, wrote in a March 4 email to the company’s employees about the breach.

The swindlers behind the tax scam are exploiting human gullibility rather than weaknesses in computer or Internet security. They have targeted company payroll and personnel departments, in many instances with emails claiming to be requests from the company CEO asking for copies of worker W-2s.
The schemes are so widespread that the IRS sent a March 1 notice alerting employers’ payroll departments of the spoofing emails. The IRS said it’s seen a 400 percent increase in phishing and computer malware incidents this tax-filing season.

The agency said the scheme has so far claimed “several victims,” but declined to disclose how many other employers had reported releasing W-2s to unauthorized parties.

Apparently, it’s not always that scammers are targeting clueless people, it’s that they themselves are becoming more bold, wily and creative. And it’s almost impossible to stay one step ahead of them when this happens. Question authority, even if it means you risk losing your job. That’s a tough call.

Leave a Reply

Your email address will not be published. Required fields are marked *

*