Snapchat among companies duped in tax-fraud scam

SAN FRANCISCO - Tax-filing season is turning into a nightmare for thousands of employees whose companies have been duped by email fraudsters.

See Full Article

A major phishing scheme has tricked several major companies - among them, the messaging service Snapchat and disk-drive maker Seagate Technology - into relinquishing tax documents that exposed their workers' incomes, addresses and Social Security numbers.

The scam, which involved fake emails purportedly sent by top company officials, convinced the companies involved to send out W-2 tax forms that are ideal for identity theft. For instance, W-2 data can easily be used to file bogus tax returns and claim fraudulent refunds.

The embarrassing breakdowns have prompted employers to apologize and offer free credit monitoring to employees. Such measures, however, won't necessarily shield unwitting victims from the headaches that typically follow identity theft.

"This mistake was caused by human error and lack of vigilance, and could have been prevented," Seagate's chief financial officer, Dave Morton, wrote in a March 4 email to the company's employees about the breach.

The swindlers behind the tax scam are exploiting human gullibility rather than weaknesses in computer or Internet security. They have targeted company payroll and personnel departments, in many instances with emails claiming to be requests from the company CEO asking for copies of worker W-2s.

The schemes are so widespread that the IRS sent a March 1 notice alerting employers' payroll departments of the spoofing emails. The agency said the scheme has so far claimed "several victims," but declined Tuesday to disclose how many other employers had reported releasing W-2s to unauthorized parties. The IRS said it's seen a 400 per cent increase in phishing and computer malware incidents this tax-filing season.

The federal alert didn't come soon enough for Snapchat, which on Feb. 28 revealed that its payroll department had been duped by an email impersonating its CEO, Evan Spiegel. The Los Angeles company didn't specify how many employee W-2s it released. Snapchat didn't respond to requests for comment Tuesday.

"When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong," Snapchat wrote in a post on its corporate blog .

Seagate acknowledged surrendering the W-2s for all of its current and former employees who worked at the company last year. The Cupertino, California, company said "several thousand" people were affected, but declined to be more precise. As of July last year, Seagate employed about 52,000 workers but all but 10,500 of them were based in Asia.

Both Snapchat and Seagate notified federal authorities about the phishing attacks and are offering affected workers two years of free credit monitoring.

It's unclear how many other employers have been sucked into the tax scam. Hundreds of companies appear to have been targeted, according to Stu Sjouwerman, CEO of KnowBe4, a Florida company that trains employers to detect and avoid such scams.

Phishing attacks commonly occur during holidays and other annual events, such as tax season, to prey upon people's routines, said Farih Orhan, director of technology at security firm Comodo. The attacks are becoming increasingly effective because they rely on powers of persuasion instead of an attachment or link that might raise suspicion, said Ed Jennings, chief operating officer at email security company Mimecast.

"It's just like someone who convinces you to hand over $20 on the street," Jennings said.

Sjouwerman said the W-2 seeking attacks are most likely are being sent by Eastern European hacker groups planning to sell the information or claim fraudulent tax refunds.

The most effective phishing attacks use emails decked in company logos and colours to reduce the chances of detection, Orhan said. It's relatively easy for con artists to pose as a CEO online, since they can quickly fetch convincing details from a Google search or a perusal of professional networking service LinkedIn.

That doesn't excuse payroll or personnel departments who reflexively acquiesce to requests in apparently legitimate email, experts say. For instance, Sjouwerman said his firm's controller received a phishing email that, at first glance, appeared to be sent by him. But the email asked the controller to "kindly prepare" employees' W-2s, a phrase that he never uses. Company employees were alert enough not to send out the W-2s.

Even without a red flag like that, payroll and personnel specialists should be trained well enough to question why a CEO needs to see individual worker W-2s in the first place.

"It's a case of: 'Oh, the boss wants it'," Sjouwerman said. "They stop thinking, 'Why would this be?"'

-----

AP Technology Writer Brandon Bailey contributed to this report.



Advertisements

Latest Economic News

  • Russia says oil production cuts may continue to boost prices

    Economic CTV News
    KUWAIT CITY -- Russia's energy minister says there's "94 per cent" compliance on a six-month oil production cut among OPEC members and non-cartel nations, as well as discussions about continuing the cuts to boost crude prices. Source
  • Iran imposes sanctions on 15 U.S. companies

    Economic CTV News
    TEHRAN, Iran - Iran has imposed sanctions on 15 American companies over their alleged support for Israel, terrorism and repression in the region. A Foreign Ministry statement carried by the state-run IRNA news agency Sunday said the companies are barred from any agreements with Iranian firms and that former and current directors will not be eligible for visas. Source
  • How to roll up the rim without buying coffee

    Economic CBC News
    You don't need to make a purchase to enter contests such as Tim Hortons' Roll Up The Rim To Win. But sometimes the alternatives are just as costly. (Tim Hortons ) Despite the well-known slogan, you don't actually have to roll up the rim to win. Source
  • Convenience or comparison? Why sticking with 1 bank might not be the best option

    Economic CBC News
    Consumers love the convenience of one-stop shopping for their financial needs — but it could be costing them. In a poll conducted by Ipsos and commissioned by LowestRates.ca, an online interest rate comparison site, six in 10 Canadian respondents said they prefer to have all their financial products and credit cards at one bank. Source
  • More TV streaming services join U.S. market, leaving Canada far behind

    Economic CBC News
    YouTube's announcement that it will soon launch an online TV streaming service cut deep for some Canadians. That's because it's not coming here. YouTube TV will offer more than 40 live TV channels for only $35 US a month. Source
  • Poker tables keep decreasing on Las Vegas casino floors

    Economic CTV News
    LAS VEGAS -- When the Monte Carlo closes its eight-table poker room in about a month as part of a $450 million overhaul, the Las Vegas Strip will have lost nearly a quarter of the tables it had a decade ago. Source
  • Las Vegas casinos continue to close poker rooms

    Economic CTV News
    LAS VEGAS -- When the Monte Carlo casino closes its eight-table poker room in about a month as part of a $450 million overhaul, the Las Vegas Strip will be down nearly a quarter of the tables it had a decade ago. Source
  • Google's YouTube loses more advertisers over offensive videos

    Economic CBC News
    An advertising boycott of YouTube is broadening, a sign that big-spending companies doubt Google's ability to prevent marketing campaigns from appearing alongside repugnant videos. PepsiCo, Walmart Stores and Starbucks on Friday confirmed that they have also suspended their advertising on YouTube after the Wall Street Journal found Google's automated programs placed their brands on five videos containing racist content. Source
  • National contest tries to convince students that lucrative sales jobs are 'sexy'

    Economic CBC News
    Sonya Meloff wants everyone to know that a career in sales is sexy. Not sleazy. "I think that sales is a really sexy job," says the founder of the Toronto's Sales Talent Agency. "You get to be at the forefront of representing a company, you're the one that gets to talk to the customers. Source
  • Report examines grim Bangladesh leather trade, links to West

    Economic CTV News
    DHAKA, Bangladesh -- Hazardous, heavily polluting tanneries, with workers as young as 14, supplied leather to companies that make shoes and handbags for a host of Western brands, a non-profit group that investigates supply chains says. Source