(Boise) – Attorney General Lawrence Wasden is asking Idahoans to be on the lookout for a particularly dangerous phishing scam that could compromise sensitive employee data.
The IRS notified the Attorney General’s Office this week of a scam that’s targeting schools, restaurants, hospitals, tribal groups and others. A number of Idaho organizations have been targeted by this threat.
“Cybercriminals continue to seek to plunder confidential information from Idaho businesses and employees,” Attorney General Lawrence Wasden said. “This is a particularly nefarious scam and a reminder that we should all remain vigilant when it comes to protecting sensitive data.”
According to the IRS, the scam works like this: Cybercriminals use various spoofing techniques to disguise an email to make it appear as if it is from an organization executive. The email is sent to an employee in the payroll or human resources departments, requesting a list of all employees and their W-2 forms. The cybercriminal then follows up with an “executive” email to the payroll or comptroller and asks that a wire transfer also be made to a certain account. Although not tax related, the wire transfer scam is being coupled with the W-2 scam email, and some companies have lost both employees’ W-2s and thousands of dollars due to wire transfers.
The scam is not new, but reappeared in the last two weeks. Some organizations being targeted were also subject to a similar scam last year.
Businesses and organizations are asked to alert their payroll, finance and human resource employees about this scam as soon as possible. Those who don’t have internal policies for releasing employee W-2s or conducting wire transfers should consider creating them.