Snapchat among companies duped in tax-fraud scam

SAN FRANCISCO - Tax-filing season is turning into a nightmare for thousands of employees whose companies have been duped by email fraudsters.

See Full Article

A major phishing scheme has tricked several major companies - among them, the messaging service Snapchat and disk-drive maker Seagate Technology - into relinquishing tax documents that exposed their workers' incomes, addresses and Social Security numbers.

The scam, which involved fake emails purportedly sent by top company officials, convinced the companies involved to send out W-2 tax forms that are ideal for identity theft. For instance, W-2 data can easily be used to file bogus tax returns and claim fraudulent refunds.

The embarrassing breakdowns have prompted employers to apologize and offer free credit monitoring to employees. Such measures, however, won't necessarily shield unwitting victims from the headaches that typically follow identity theft.

"This mistake was caused by human error and lack of vigilance, and could have been prevented," Seagate's chief financial officer, Dave Morton, wrote in a March 4 email to the company's employees about the breach.

The swindlers behind the tax scam are exploiting human gullibility rather than weaknesses in computer or Internet security. They have targeted company payroll and personnel departments, in many instances with emails claiming to be requests from the company CEO asking for copies of worker W-2s.

The schemes are so widespread that the IRS sent a March 1 notice alerting employers' payroll departments of the spoofing emails. The agency said the scheme has so far claimed "several victims," but declined Tuesday to disclose how many other employers had reported releasing W-2s to unauthorized parties. The IRS said it's seen a 400 per cent increase in phishing and computer malware incidents this tax-filing season.

The federal alert didn't come soon enough for Snapchat, which on Feb. 28 revealed that its payroll department had been duped by an email impersonating its CEO, Evan Spiegel. The Los Angeles company didn't specify how many employee W-2s it released. Snapchat didn't respond to requests for comment Tuesday.

"When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong," Snapchat wrote in a post on its corporate blog .

Seagate acknowledged surrendering the W-2s for all of its current and former employees who worked at the company last year. The Cupertino, California, company said "several thousand" people were affected, but declined to be more precise. As of July last year, Seagate employed about 52,000 workers but all but 10,500 of them were based in Asia.

Both Snapchat and Seagate notified federal authorities about the phishing attacks and are offering affected workers two years of free credit monitoring.

It's unclear how many other employers have been sucked into the tax scam. Hundreds of companies appear to have been targeted, according to Stu Sjouwerman, CEO of KnowBe4, a Florida company that trains employers to detect and avoid such scams.

Phishing attacks commonly occur during holidays and other annual events, such as tax season, to prey upon people's routines, said Farih Orhan, director of technology at security firm Comodo. The attacks are becoming increasingly effective because they rely on powers of persuasion instead of an attachment or link that might raise suspicion, said Ed Jennings, chief operating officer at email security company Mimecast.

"It's just like someone who convinces you to hand over $20 on the street," Jennings said.

Sjouwerman said the W-2 seeking attacks are most likely are being sent by Eastern European hacker groups planning to sell the information or claim fraudulent tax refunds.

The most effective phishing attacks use emails decked in company logos and colours to reduce the chances of detection, Orhan said. It's relatively easy for con artists to pose as a CEO online, since they can quickly fetch convincing details from a Google search or a perusal of professional networking service LinkedIn.

That doesn't excuse payroll or personnel departments who reflexively acquiesce to requests in apparently legitimate email, experts say. For instance, Sjouwerman said his firm's controller received a phishing email that, at first glance, appeared to be sent by him. But the email asked the controller to "kindly prepare" employees' W-2s, a phrase that he never uses. Company employees were alert enough not to send out the W-2s.

Even without a red flag like that, payroll and personnel specialists should be trained well enough to question why a CEO needs to see individual worker W-2s in the first place.

"It's a case of: 'Oh, the boss wants it'," Sjouwerman said. "They stop thinking, 'Why would this be?"'

-----

AP Technology Writer Brandon Bailey contributed to this report.



Advertisements

Latest Economic News

  • Asian stocks post gains as oil price rallies

    Economic CTV News
    Shares in Asia are higher after an overnight advance on Wall Street spurred by the latest meeting minutes from the Federal Reserve. KEEPING SCORE: The Nikkei 225 stock index in Tokyo climbed 0.5 per cent to 19,849.10 and Hong Kong's Hang Seng added 0.5 per cent to 25,559.00. Source
  • Edmonton woman starts Canada's first cannabis staffing agency

    Economic Toronto Sun
    Alison McMahon should be able to find some really dope jobs after opening what she says is the first staffing agency working exclusively with Canada's budding marijuana industry. The Edmonton human resources specialist, who started Cannabis at Work in 2015 to advise companies on issues linked to the use of the drug for medical reasons, recently branched out to help firms find employees as the country moves toward legalizing recreational consumption in July 2018. Source
  • Metrolinx appealing latest court loss over $770M contract with Bombardier

    Economic CTV News
    TORONTO -- Metrolinx has filed an appeal questioning the decision of an Ontario judge last month that preserved the transit agency's contract with Bombardier Transportation. The notice of appeal deepens the legal dispute between the Ontario transit agency and Bombardier over the company's ability to fulfil train orders in Toronto, where gridlock has become an increasing frustration for hundreds of thousands of commuters. Source
  • Majority say buying Canadian, even if price is higher, is more important: Nanos survey

    Economic CTV News
    The majority of Canadians say that buying Canadian products is more important to them, even if the price is higher, according to a recent Nanos survey. Fifty-two per cent of those surveyed said that it is more important to them personally to buy a Canadian product, even if it costs more, while 28 per cent said that buying the cheapest product is more important when it comes to shopping. Source
  • Female CEOs make more than their male counterparts – but there are a lot less of them

    Economic Toronto Sun
    NEW YORK — Women CEOs earned big bucks last year, but there’s still very few of them running the world’s largest companies. The median pay for a female CEO was US$13.1 million last year, up 9% from 2015, according to an analysis by executive data firm Equilar and The Associated Press. Source
  • Feds launch contest for $950M 'supercluster' plan aimed at creating jobs, growth

    Economic CTV News
    OTTAWA -- The Trudeau government is opening the competition for its $950-million "supercluster" program that aims to bring together industry and academia as a way to lift the innovation economy. Economic Development Minister Navdeep Bains is adding new details about deadlines and qualifying criteria for a five-year initiative central to the feds' innovation program. Source
  • New TD centre to create up to 575 jobs in Moncton over 6 years

    Economic CBC News
    The TD Bank expects to create up to 575 full-time jobs in Moncton over a six-year period when it opens a business services centre in 2019 with up to $9 million in help from the provincial government. Source
  • New York fines BNP Paribas $350 million in trading scheme

    Economic CTV News
    New York state regulators have fined French bank BNP Paribas $350 million, alleging bank employees for years manipulated global currency markets to benefit themselves at the expense of their customers. The New York Department of Financial Services said Wednesday that from 2007 to 2013 at least a dozen BNP Paribas traders manipulated the foreign exchange market, using chat rooms and fake trades in currencies including the South African rand, Hungarian forint and Turkish lira. Source
  • Bombardier and U.S. aerospace supplier Triumph settle legal dispute

    Economic CTV News
    MONTREAL -- Bombardier and Triumph have reached a settlement about five months after the U.S. aerospace supplier filed a $455-million lawsuit against the Quebec-based aircraft manufacturer. Details of the settlement announced Wednesday were not disclosed. Source
  • New TD call centre will create 575 jobs in Moncton, N.B., province says

    Economic CTV News
    MONCTON, N.B. -- TD has announced plans for a new call centre in Moncton, N.B., that the provincial government says will create up to 575 full-time jobs. The Toronto-based bank will receive up to $9 million in financial assistance from the government, which says the call centre will add $109-million to the province's GDP over six years. Source