Snapchat among companies duped in tax-fraud scam

SAN FRANCISCO - Tax-filing season is turning into a nightmare for thousands of employees whose companies have been duped by email fraudsters.

See Full Article

A major phishing scheme has tricked several major companies - among them, the messaging service Snapchat and disk-drive maker Seagate Technology - into relinquishing tax documents that exposed their workers' incomes, addresses and Social Security numbers.

The scam, which involved fake emails purportedly sent by top company officials, convinced the companies involved to send out W-2 tax forms that are ideal for identity theft. For instance, W-2 data can easily be used to file bogus tax returns and claim fraudulent refunds.

The embarrassing breakdowns have prompted employers to apologize and offer free credit monitoring to employees. Such measures, however, won't necessarily shield unwitting victims from the headaches that typically follow identity theft.

"This mistake was caused by human error and lack of vigilance, and could have been prevented," Seagate's chief financial officer, Dave Morton, wrote in a March 4 email to the company's employees about the breach.

The swindlers behind the tax scam are exploiting human gullibility rather than weaknesses in computer or Internet security. They have targeted company payroll and personnel departments, in many instances with emails claiming to be requests from the company CEO asking for copies of worker W-2s.

The schemes are so widespread that the IRS sent a March 1 notice alerting employers' payroll departments of the spoofing emails. The agency said the scheme has so far claimed "several victims," but declined Tuesday to disclose how many other employers had reported releasing W-2s to unauthorized parties. The IRS said it's seen a 400 per cent increase in phishing and computer malware incidents this tax-filing season.

The federal alert didn't come soon enough for Snapchat, which on Feb. 28 revealed that its payroll department had been duped by an email impersonating its CEO, Evan Spiegel. The Los Angeles company didn't specify how many employee W-2s it released. Snapchat didn't respond to requests for comment Tuesday.

"When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong," Snapchat wrote in a post on its corporate blog .

Seagate acknowledged surrendering the W-2s for all of its current and former employees who worked at the company last year. The Cupertino, California, company said "several thousand" people were affected, but declined to be more precise. As of July last year, Seagate employed about 52,000 workers but all but 10,500 of them were based in Asia.

Both Snapchat and Seagate notified federal authorities about the phishing attacks and are offering affected workers two years of free credit monitoring.

It's unclear how many other employers have been sucked into the tax scam. Hundreds of companies appear to have been targeted, according to Stu Sjouwerman, CEO of KnowBe4, a Florida company that trains employers to detect and avoid such scams.

Phishing attacks commonly occur during holidays and other annual events, such as tax season, to prey upon people's routines, said Farih Orhan, director of technology at security firm Comodo. The attacks are becoming increasingly effective because they rely on powers of persuasion instead of an attachment or link that might raise suspicion, said Ed Jennings, chief operating officer at email security company Mimecast.

"It's just like someone who convinces you to hand over $20 on the street," Jennings said.

Sjouwerman said the W-2 seeking attacks are most likely are being sent by Eastern European hacker groups planning to sell the information or claim fraudulent tax refunds.

The most effective phishing attacks use emails decked in company logos and colours to reduce the chances of detection, Orhan said. It's relatively easy for con artists to pose as a CEO online, since they can quickly fetch convincing details from a Google search or a perusal of professional networking service LinkedIn.

That doesn't excuse payroll or personnel departments who reflexively acquiesce to requests in apparently legitimate email, experts say. For instance, Sjouwerman said his firm's controller received a phishing email that, at first glance, appeared to be sent by him. But the email asked the controller to "kindly prepare" employees' W-2s, a phrase that he never uses. Company employees were alert enough not to send out the W-2s.

Even without a red flag like that, payroll and personnel specialists should be trained well enough to question why a CEO needs to see individual worker W-2s in the first place.

"It's a case of: 'Oh, the boss wants it'," Sjouwerman said. "They stop thinking, 'Why would this be?"'


AP Technology Writer Brandon Bailey contributed to this report.


Latest Economic News

  • Bank places 100 'lucky pennies' across U.S. worth $1,000 each

    Economic CTV News
    DETROIT -- Stopping to pick up a stray penny off the ground may not seem worth the effort, yet one bank is trying to change that mindset by placing 100 fake pennies across the country worth $1,000 apiece. Source
  • Postmedia: Layoffs possible if buyouts don't meet cost-cutting target

    Economic CTV News
    TORONTO -- Postmedia said Thursday it plans to reduce its salary costs by 20 per cent through voluntary staff buyouts, adding that layoffs are possible if that target isn't met as it announced net losses that nearly doubled in its most recent quarter. Source
  • Wal-Mart, offer more choices for Singles Day

    Economic CTV News
    NEW YORK -- Wal-Mart and are offering more choices for Chinese shoppers ahead of Singles Day, one of the world's biggest online shopping days of the year. That includes two-hour delivery services at some Wal-Mart stores and a Wal-Mart global store on JD Worldwide,'s cross-border platform. Source
  • Postmedia aiming to cut staff costs again

    Economic CBC News
    Postmedia Network Canada Corp. says its intends to reduce staffing costs again as the company reported lower revenue and a deeper quarterly net loss. The company, which currently has about 4,000 employees, says it plans to cut costs through staff buyouts over the next few weeks, adding that layoffs are possible if its target isn't met. Source
  • Snoopy, Peanuts gang, cut loose by insurance giant MetLife as it retools

    Economic CBC News
    The MetLife Snoopy Two blimp comes in for a landing at the Park Township Airport in Holland, Mich., in this July 2007 photo. After 31 years as the face of insurance giant MetLife Inc. Source
  • Justin Trudeau on hand as Amazon announces Toronto-area expansion that will employ 700 people

    Economic CBC News
    Prime Minister Justin Trudeau is set to make an announcement at an Amazon facility in Brampton, Ont., on Thursday. It's not known what the announcement may entail, but given recent news from the company, it's likely to be jobs-related. Source
  • Justin Trudeau to make announcement at Toronto-area Amazon facility

    Economic CBC News
    Prime Minister Justin Trudeau is set to make an announcement at an Amazon facility in Brampton, Ont., on Thursday. It's not known what the announcement may entail, but given recent news from the company, it's likely to be jobs-related. Source
  • Snoopy, Peanuts gang, cut loose by MetLife as it retools biz

    Economic CTV News
    Snoopy has been handed the pink slip. After 31 years (almost 170 dog years) as the face of insurance giant MetLife Inc., the company said Thursday that it is launching a new global branding effort, marking the end of a long relationship with Charlie Brown's beagle and the Peanuts crew. Source
  • AltaGas gives green light to North Pine propane plant in northeastern B.C.

    Economic CTV News
    CALGARY -- AltaGas Ltd. (TSX:ALA) has decided to go ahead with construction of a propane extraction plant in northeastern British Columbia that will supply the proposed Ridley Island export terminal near Prince Rupert, B.C. The Calgary-based company says the North Pine processing facility, 40 kilometres northwest of Fort St. Source
  • Energy East pipeline 'will happen,' but taking too long: Arthur Irving

    Economic CTV News
    HALIFAX - The chairman of Irving Oil says the proposed Energy East Pipeline being considered by federal regulators "will happen," but it's taking too long. Arthur Irving says Alberta's struggling economy badly needs the pipeline to sell its fossil fuels, while his firm remains eager to form a partnership with TransCanada (TSC:TRP) to build a deepwater terminal in the Bay of Fundy where tankers can ship the crude to the world. Source