By Robin Sidel
An email scam targeting companies is putting huge amounts of
individuals' tax information into the hands of criminals,
potentially wreaking havoc on the victims' lives for years.
Coming at the height of tax season, when millions of workers are
filing their federal and state returns, the "phishing" or
"spoofing" scheme is simple and effective: The perpetrator,
impersonating a company's high-ranking executive from a phony email
address that appears legitimate, fools staffers in the payroll or
human-resources departments into forwarding W-2 forms or other tax
information.
"It's huge. It's just huge," said Dolores Furniss, manager of
state and federal tax programs at the Utah State Tax Commission,
which, like other state agencies, is scrambling to deal with the
fallout. She said her office was notified on Thursday by a company
that it was victimized, and within an hour she had fielded phone
calls from 10 employees.
Scores of companies employing hundreds of thousands of workers
have already disclosed that they have fallen victim to the scam.
Weight Watchers International Inc. is one of the latest
victims.
"In what has, unfortunately, become common, Weight Watchers was
targeted by criminals using a phishing scam to obtain personal
information about some current and former employees," the company
said in a statement over the weekend. The attackers received
information about 434 former and current employees out of a current
U.S. workforce of roughly 13,000.
Other victims include data-storage firm Seagate Technology PLC
in Cupertino, Calif.; Billy Casper Golf, a golf-course company
based in Reston, Va.; biotechnology company PerkinElmer Inc.; and
Phoenix-based regional grocery chain Sprouts Farmers Market
Inc.
Stolen information from these scams is being sold on underground
websites and criminals are using the data to file fraudulent tax
returns and collect the refunds, according to tax and cybersecurity
experts. Even those employees who don't have their identities
stolen could face delays in getting their tax returns or other
additional scrutiny, since tax departments will take extra measures
to ensure the authenticity of filings from employees of companies that
experienced thefts.
The thefts are especially damaging since they often include
Social Security numbers, which can't easily be canceled and
replaced like credit cards, meaning thieves can continue to try to
use the stolen information for years, experts say.
"Kindly prepare the lists and email them to me asap," read one
such email, according to the Internal Revenue Service, which issued
an alert about the scam last month.
An employee, thinking the request from a superior is authentic,
then sends the W-2 data to the fake email address. An employee's
W-2 form includes a Social Security number, address, salary and
other information that thieves could use for identity theft or to
file fake tax returns.
Tax officials say thieves are targeting companies of all sizes;
at least 50 have already reported that they were victims.
"We are definitely talking about many, many thousands of
employees and I would have to think there are some companies that
aren't confessing to it," said Verenda Smith, deputy director of
the Federation of Tax Administrators, an organization of state tax
officials.
A spokesman for Seagate said several thousand current and former
employees were affected by the deceit, which the company discovered
on March 1. "The information was sent by an employee who believed
the phishing email was a legitimate internal company request," the
company said in a statement. Seagate is offering two years of
credit monitoring to affected workers.
"We sincerely apologize for this situation and are working to
enhance our controls and make additional investments in protocols,
technology and training," said Donna Egan, spokeswoman for Sprouts
Farmers Market, which has more than 21,000 employees and 220
stores.
Representatives of PerkinElmer and Billy Casper Golf couldn't be
reached for comment.
The trouble comes as the IRS is still recovering from a 2015
attack in which hackers gained access to as many as 700,000
taxpayer accounts. The agency didn't respond to a request for
further comment on the scam.
The pervasiveness of the latest scam highlights how easily
employees can unwittingly expose important data to criminals.
Companies are increasingly warning employees about the risks
associated with clicking on unfamiliar email links or responding to
unusual requests that appear to come from co-workers.
In Georgia, tax authorities received a call on Wednesday from a
company's chief financial officer who said W-2 information for his
20 employees had been exposed in the email scam. State officials
quickly discovered that false returns had already been filed for
some of those employees, although refunds had been blocked because
the filings seemed suspicious.
"We will continue to help those employees for years to come
because once the identity is compromised, it is compromised
forever," said Josh Waites, director in the office of special
investigations in the Georgia Department of Revenue.
Cybersecurity experts also say that the scam shows criminals are
more often targeting specific employees who have valuable
information rather than hacking into a computer network in a blind
search for data.
"It's one-stop shopping. It's easy and is low-tech," says Brian
Lapidus, managing director in the identity-theft and
breach-notification practice at Kroll Associates Inc. He says the
investigations firm is receiving multiple calls daily from
companies that have released W-2 information to criminals.
The scam is a twist on an increasingly popular cyberattack known
as "business email compromise" in which criminals impersonate an
executive in an email and ask a subordinate to wire money to a bank
account. The funds are typically then quickly siphoned into an
offshore bank account where they are difficult to retrieve.
The Federal Bureau of Investigation said last year that it has
tracked more than 7,000 companies that have been victimized in such
compromises since late 2013, resulting in more than $740 million in
losses.
(END) Dow Jones Newswires
April 03, 2016 16:43 ET (20:43 GMT)
Copyright (c) 2016 Dow Jones & Company, Inc.