Snapchat among companies duped in tax-fraud scam

SAN FRANCISCO - Tax-filing season is turning into a nightmare for thousands of employees whose companies have been duped by email fraudsters.

See Full Article

A major phishing scheme has tricked several major companies - among them, the messaging service Snapchat and disk-drive maker Seagate Technology - into relinquishing tax documents that exposed their workers' incomes, addresses and Social Security numbers.

The scam, which involved fake emails purportedly sent by top company officials, convinced the companies involved to send out W-2 tax forms that are ideal for identity theft. For instance, W-2 data can easily be used to file bogus tax returns and claim fraudulent refunds.

The embarrassing breakdowns have prompted employers to apologize and offer free credit monitoring to employees. Such measures, however, won't necessarily shield unwitting victims from the headaches that typically follow identity theft.

"This mistake was caused by human error and lack of vigilance, and could have been prevented," Seagate's chief financial officer, Dave Morton, wrote in a March 4 email to the company's employees about the breach.

The swindlers behind the tax scam are exploiting human gullibility rather than weaknesses in computer or Internet security. They have targeted company payroll and personnel departments, in many instances with emails claiming to be requests from the company CEO asking for copies of worker W-2s.

The schemes are so widespread that the IRS sent a March 1 notice alerting employers' payroll departments of the spoofing emails. The agency said the scheme has so far claimed "several victims," but declined Tuesday to disclose how many other employers had reported releasing W-2s to unauthorized parties. The IRS said it's seen a 400 per cent increase in phishing and computer malware incidents this tax-filing season.

The federal alert didn't come soon enough for Snapchat, which on Feb. 28 revealed that its payroll department had been duped by an email impersonating its CEO, Evan Spiegel. The Los Angeles company didn't specify how many employee W-2s it released. Snapchat didn't respond to requests for comment Tuesday.

"When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong," Snapchat wrote in a post on its corporate blog .

Seagate acknowledged surrendering the W-2s for all of its current and former employees who worked at the company last year. The Cupertino, California, company said "several thousand" people were affected, but declined to be more precise. As of July last year, Seagate employed about 52,000 workers but all but 10,500 of them were based in Asia.

Both Snapchat and Seagate notified federal authorities about the phishing attacks and are offering affected workers two years of free credit monitoring.

It's unclear how many other employers have been sucked into the tax scam. Hundreds of companies appear to have been targeted, according to Stu Sjouwerman, CEO of KnowBe4, a Florida company that trains employers to detect and avoid such scams.

Phishing attacks commonly occur during holidays and other annual events, such as tax season, to prey upon people's routines, said Farih Orhan, director of technology at security firm Comodo. The attacks are becoming increasingly effective because they rely on powers of persuasion instead of an attachment or link that might raise suspicion, said Ed Jennings, chief operating officer at email security company Mimecast.

"It's just like someone who convinces you to hand over $20 on the street," Jennings said.

Sjouwerman said the W-2 seeking attacks are most likely are being sent by Eastern European hacker groups planning to sell the information or claim fraudulent tax refunds.

The most effective phishing attacks use emails decked in company logos and colours to reduce the chances of detection, Orhan said. It's relatively easy for con artists to pose as a CEO online, since they can quickly fetch convincing details from a Google search or a perusal of professional networking service LinkedIn.

That doesn't excuse payroll or personnel departments who reflexively acquiesce to requests in apparently legitimate email, experts say. For instance, Sjouwerman said his firm's controller received a phishing email that, at first glance, appeared to be sent by him. But the email asked the controller to "kindly prepare" employees' W-2s, a phrase that he never uses. Company employees were alert enough not to send out the W-2s.

Even without a red flag like that, payroll and personnel specialists should be trained well enough to question why a CEO needs to see individual worker W-2s in the first place.

"It's a case of: 'Oh, the boss wants it'," Sjouwerman said. "They stop thinking, 'Why would this be?"'

-----

AP Technology Writer Brandon Bailey contributed to this report.



Advertisements

Latest Economic News

  • Toronto Millennials dream of backyards but are stuck in condos: report

    Economic CTV News
    Toronto Millennials are the most educated group in Canada, but high housing costs are keeping some of the country’s most qualified workers in their parents’ basements or pushing them out of the province altogether, a new report suggests. Source
  • Facebook's Mark Zuckerberg apologizes to EU lawmakers over data leak

    Economic CBC News
    Facebook boss Mark Zuckerberg apologized to European Union lawmakers on Tuesday for a massive data leak, in his latest attempt to draw a line under a scandal that has rocked the world's biggest social media network. Source
  • What your kids should know about money in kindergarten, grade school and high school

    Economic CTV News
    Too many Canadians are reaching adulthood without the skills to successfully manage their financial futures, according to personal finance coach David Lester. The best way he sees to build that knowledge is for parents to start schooling their kids about money as early as possible. Source
  • The New York Stock Exchange just named its first female president in its 226-year history

    Economic CBC News
    The New York Stock Exchange for the first time in its 226-year history will be led by a woman. Stacey Cunningham, who started her career as a floor clerk on the NYSE trading floor, will become the 67th president of the Big Board. Source
  • New York Stock Exchange just named the 1st female president in its 226-year history

    Economic CBC News
    The New York Stock Exchange for the first time in its 226-year history will be led by a woman. Stacey Cunningham, who started her career as a floor clerk on the NYSE trading floor, will become the 67th president of the Big Board. Source
  • Ex-Valeant, Philidor executives convicted of kickback scheme

    Economic CBC News
    A former Valeant Pharmaceuticals International Inc executive and the former chief of mail order pharmacy Philidor Rx Services were found guilty on Tuesday of defrauding Valeant through a multimillion-dollar kickback scheme. The verdict, handed up by a jury in Manhattan federal court, comes on the heels of Valeant's announcement that it will change its name to Bausch Health Companies Inc as it seeks to distance itself from a series of scandals under its previous management. Source
  • Women cite 'grass ceiling' in male-dominated weed industry

    Economic CTV News
    JUNEAU, Alaska -- When Danielle Schumacher attended her first convention of marijuana activists about 15 years ago, she could count on one hand all the women in a room of older men. The lack of diversity struck the then-college student, who remembers feeling out of place but also determined to make her mark. Source
  • Airlines caving to Beijing despite White House protest

    Economic CTV News
    SHANGHAI -- Global airlines are obeying Beijing's demands to refer to Taiwan explicitly as a part of China, despite the White House's call this month to stand firm against such "Orwellian nonsense." The Associated Press found 20 carriers, including Air Canada, British Airways and Lufthansa, that now refer to Taiwan, the self-ruled island that Beijing considers Chinese territory, as a part of China on their global websites. Source
  • McDonald's workers in U.S. file sex harassment claims

    Economic CTV News
    NEW YORK -- Energized by the #MeToo movement, two national advocacy groups are teaming up to lodge sexual harassment complaints against McDonald's on behalf of 10 women who have worked at the fast food restaurant in nine cities. Source
  • OREA isn't backing down from GTHA affordability messaging after TREB controversy

    Economic CTV News
    TORONTO -- The Ontario Real Estate Association isn't backing away from its campaign on the lack of housing affordability in Toronto, even after harsh criticism from the province's largest real estate board. On Tuesday, OREA executives unveiled a Ryerson University report, which it sponsored, that found millennials in the Greater Toronto and Hamilton area are living with their parents longer as they struggle to find affordable houses in a market with limited supply. Source