More companies hit by fake CEO attack to steal employees’ payroll information

Graham Cluley


W-2 form

It seems that February was a busy month for scammers, who managed to trick a number of companies into coughing up confidential payroll information about their staff.

I’ve already described how workers at Snapchat and Seagate were duped into believing that they were helping out a senior member of their management team when they sent out IRS W-2 tax forms (which include such sensitive information as workers’ social security numbers, salaries, and addresses) to an attacker.

But now, as suspected, it has become clear from documents filed with the authorities that other companies fell foul of the same scam.

Corporate victims have included uniform rental service AmeriPride, IT firm Actifio, Billy Casper Golf, and media company Evening Post Industries – all of whom appear to have fallen for the same trick.

Disclosure letters

There’s an important lesson for companies and staff to learn here, as I explained in a recent YouTube video about the Snapchat breach: it’s okay to say no to your CEO.

If you haven’t run an awareness campaign to train your staff about the dangers of targeted phishing attacks, and just how easy it is for criminals to forge an email which appears to come from your CEO, then you are playing a dangerous game with your staff’s personal information.

The very real risk is that criminals will exploit the stolen information by creating online accounts with the IRS in order to fraudulently claim tax refunds.
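One defensive control the post implies, as an added example that is not part of Graham Cluley's article: a mail-screening check that holds a message for review when an executive's display name arrives with an address that does not match the staff directory (or when replies are diverted off-domain) and the message asks for W-2 or payroll data. The company domain, the executive roster and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed lookup data (assumed, not from the post): the company's own domain and a roster of executives.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}  # display name -> genuine mailbox
PAYROLL_TERMS = re.compile(r"\b(w-?2s?|payroll|social security|ssn|wage and tax)\b", re.I)

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def text_of(msg):
    # Collect every text/plain part so the keyword check also sees multipart bodies.
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload(decode=True).decode(errors="replace")
                     for p in parts if p.get_content_type() == "text/plain")

def screen(raw):
    """Return (header_flags, asks_for_payroll_data) for one raw RFC 822 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    flags = []
    genuine = EXECUTIVES.get(name.strip().lower())
    if genuine and addr.lower() != genuine:
        flags.append(f"display name '{name}' paired with {addr}, not {genuine}")
    if reply and domain_of(reply) != COMPANY_DOMAIN:
        flags.append(f"replies diverted to {reply} outside {COMPANY_DOMAIN}")
    asks = bool(PAYROLL_TERMS.search(msg.get("Subject", "") + "\n" + text_of(msg)))
    return flags, asks

def is_suspicious(raw):
    # Hold for review only when a header anomaly coincides with a request for payroll data.
    flags, asks = screen(raw)
    return bool(flags) and asks

# Constructed sample resembling the scam: a lookalike sender domain asking for W-2 forms.
FAKE_CEO = """From: Jane Doe <jane.doe@example-mail.net>
Subject: Urgent: W-2 copies

Can you send me the W-2 forms for all employees today? Thanks.
"""
# Constructed sample of a legitimate message from the real executive.
GENUINE = """From: Jane Doe <jane.doe@example.com>
Subject: Board slides

Please forward the Q1 deck when it is ready.
"""
```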

Hat-tip: databreaches.net.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.
