Snapchat among companies duped in tax-fraud scam

SAN FRANCISCO - Tax-filing season is turning into a nightmare for thousands of employees whose companies have been duped by email fraudsters.

See Full Article

A major phishing scheme has tricked several major companies - among them, the messaging service Snapchat and disk-drive maker Seagate Technology - into relinquishing tax documents that exposed their workers' incomes, addresses and Social Security numbers.

The scam, which involved fake emails purportedly sent by top company officials, convinced the companies involved to send out W-2 tax forms that are ideal for identity theft. For instance, W-2 data can easily be used to file bogus tax returns and claim fraudulent refunds.

The embarrassing breakdowns have prompted employers to apologize and offer free credit monitoring to employees. Such measures, however, won't necessarily shield unwitting victims from the headaches that typically follow identity theft.

"This mistake was caused by human error and lack of vigilance, and could have been prevented," Seagate's chief financial officer, Dave Morton, wrote in a March 4 email to the company's employees about the breach.

The swindlers behind the tax scam are exploiting human gullibility rather than weaknesses in computer or Internet security. They have targeted company payroll and personnel departments, in many instances with emails claiming to be requests from the company CEO asking for copies of worker W-2s.

The schemes are so widespread that the IRS sent a March 1 notice alerting employers' payroll departments of the spoofing emails. The agency said the scheme has so far claimed "several victims," but declined Tuesday to disclose how many other employers had reported releasing W-2s to unauthorized parties. The IRS said it's seen a 400 per cent increase in phishing and computer malware incidents this tax-filing season.

The federal alert didn't come soon enough for Snapchat, which on Feb. 28 revealed that its payroll department had been duped by an email impersonating its CEO, Evan Spiegel. The Los Angeles company didn't specify how many employee W-2s it released. Snapchat didn't respond to requests for comment Tuesday.

"When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong," Snapchat wrote in a post on its corporate blog .

Seagate acknowledged surrendering the W-2s for all of its current and former employees who worked at the company last year. The Cupertino, California, company said "several thousand" people were affected, but declined to be more precise. As of July last year, Seagate employed about 52,000 workers but all but 10,500 of them were based in Asia.

Both Snapchat and Seagate notified federal authorities about the phishing attacks and are offering affected workers two years of free credit monitoring.

It's unclear how many other employers have been sucked into the tax scam. Hundreds of companies appear to have been targeted, according to Stu Sjouwerman, CEO of KnowBe4, a Florida company that trains employers to detect and avoid such scams.

Phishing attacks commonly occur during holidays and other annual events, such as tax season, to prey upon people's routines, said Farih Orhan, director of technology at security firm Comodo. The attacks are becoming increasingly effective because they rely on powers of persuasion instead of an attachment or link that might raise suspicion, said Ed Jennings, chief operating officer at email security company Mimecast.

"It's just like someone who convinces you to hand over $20 on the street," Jennings said.

Sjouwerman said the W-2 seeking attacks are most likely are being sent by Eastern European hacker groups planning to sell the information or claim fraudulent tax refunds.

The most effective phishing attacks use emails decked in company logos and colours to reduce the chances of detection, Orhan said. It's relatively easy for con artists to pose as a CEO online, since they can quickly fetch convincing details from a Google search or a perusal of professional networking service LinkedIn.

That doesn't excuse payroll or personnel departments who reflexively acquiesce to requests in apparently legitimate email, experts say. For instance, Sjouwerman said his firm's controller received a phishing email that, at first glance, appeared to be sent by him. But the email asked the controller to "kindly prepare" employees' W-2s, a phrase that he never uses. Company employees were alert enough not to send out the W-2s.

Even without a red flag like that, payroll and personnel specialists should be trained well enough to question why a CEO needs to see individual worker W-2s in the first place.

"It's a case of: 'Oh, the boss wants it'," Sjouwerman said. "They stop thinking, 'Why would this be?"'

-----

AP Technology Writer Brandon Bailey contributed to this report.



Advertisements

Latest Economic News

  • Asian shares stumble as European Central Bank rally fades

    Economic CTV News
    KUALA LUMPUR, Malaysia - Asian shares meandered Friday as an overnight rally in U.S. markets helped by the European Central Bank's decision to extend its bond-buying economic stimulus program faded. South Korea's benchmark slipped as lawmakers prepared to vote on whether or not to impeach President Park Geun-hye. Source
  • Sales, profit at Sears in U.S. continue to decline

    Economic CTV News
    HOFFMAN ESTATES, Ill. -- Sears, the one-time standard bearer for U.S. retail, has posted quarterly losses for more than a year now, and sales continue to slide as the company shutters poorly performing stores. The company's cash situation, which has led in the past to clashes with suppliers, is an ongoing concern. Source
  • Stock markets in New York hit new record highs

    Economic CBC News
    Major stock markets in New York closed at record highs Thursday amid a broad rally from banks, materials and technology companies. The Dow Jones industrial average advanced 65.19 points at 19,614.81, while the S&P 500 added 4.84 points at 2,246.19, both hitting all-time highs for a second day in a row. Source
  • BlackBerry launches new security platform to help companies manage connectivity

    Economic CTV News
    WATERLOO, Ont. - BlackBerry revealed its latest security offering on Thursday intended to help companies reliably manage their current and future connectivity needs. The company's new platform, BlackBerry Secure, is designed to help businesses keep tabs on all their devices to transmit sensitive data to keep people, information and goods safe. Source
  • NHL won't change name of Vegas Golden Knights despite trademark denial

    Economic CBC News
    The National Hockey League says it won't change the name or logo of its newest club, despite being denied a trademark by U.S. authorities. Just a couple of weeks after the Vegas Golden Knights revealed their name, logo and team colours, the U.S. Source
  • Coke sets sights on new demographic: foodies

    Economic CTV News
    NEW YORK -- What beverage goes best with lobster rolls, a bagel sandwich stuffed with whitefish, or a bowl of ramen? Coke wants you to think of soda. Coca-Cola is trying to sell more of its flagship beverage by suggesting the cola can accompany a wide range of meals, rather than just the fast food and pizza with which it's a mainstay. Source
  • Overhead bin fees? Yes, with United's new 'basic' fare

    Economic CTV News
    United Airlines is creating some turbulence in the airline industry with changes to its fare structure, including a new “basic economy” fare. The cheap ticket comes with a catch, however: If you want to use the overhead bin, you must pay an extra charge. Source
  • SNC-Lavalin cutting 405 jobs in Canada mainly due to mining weakness

    Economic CBC News
    Engineering giant SNC-Lavalin is cutting another 405 jobs in Canada due to the weakness in the mining sector and ongoing efforts to boost its profit margin. Spokesman Louis-Antoine Paquin says the company will eliminate 186 positions in Montreal, 195 in Ontario and 24 in Saskatoon, says spokesman Louis-Antoine Paquin. Source
  • Public sector workers paid 10.6% more than private sector average: Fraser Institute

    Economic CBC News
    Almost 90 per cent of public sector workers have some sort of pension plan. By constrast, less than a quarter of private sector workers do. (Chris Wattie/Reuters) People who work in the public sector make almost 11 per cent more than their counterparts in the private sector, a new analysis of Statistics Canada data by the Fraser Institute think tank has found. Source
  • Toronto, Hamilton, K-W expected to lead country in 2017 house price gains: Re/Max

    Economic CBC News
    Re/Max sees the average national house price rising by two per cent in 2017, led by big projected gains in real estate prices in the Hamilton, the Greater Toronto Area and Kitchener-Waterloo. In its 2017 housing market outlook, which was released Thursday, Re/Max said it sees house price appreciation in Hamilton leading the country with an 11 per cent gain in average residential home sale prices, followed by eight per cent gains expected for both the GTA and K-W. Source