Concord Technology Group


Who's the boss?


Warn your colleagues about phishing scams that impersonate real people.

 

In March, payday lending firm Moneytree warned employees that their personal information — including Social Security numbers — had been compromised. But this wasn’t a hack of the company’s servers; the only technology involved was email.

“Moneytree was apparently targeted by a scam in which the scammer impersonated me and asked for an emailed copy of certain information about the Company’s payroll including Team Member names, home addresses, Social Security numbers, birthdates and W2 information,” Moneytree co-founder Dennis Bassford wrote to employees. “Unfortunately, this request was not recognized as a scam, and the information about current and former Team Members who worked in the US at Moneytree in 2015 or were hired in early 2016 was disclosed.”

According to cybersecurity expert Brian Krebs, scams like this are on the rise: “Just based on the number of emails I’ve been forwarded from readers who say they were similarly notified by current or former employers, I’d estimate there are hundreds — if not thousands — of companies that fell for these phishing scams and exposed their employees to all manner of identity theft.”

“Phishing” refers to any attempt to trick people into sharing sensitive information. “Spear phishing” is targeted to a particular company. Email usually serves as the scammers’ rod and reel, and clever impersonation is the bait. In some cases they’ll use a phony account that closely resembles a real one: boss@conpany.com, instead of boss@company.com. (Did you have to look twice to see the difference?) Increasingly they try to gain access to a real email account, preferably belonging to someone in the C suite, by guessing a weak password or fast-talking their way through a phone call (watch this video to see how easy it is to exploit people’s eagerness to be helpful).

Spear-phishing attacks often involve orders for immediate wire transfers. During tax season, however, requests for W2 information spike. Krebs explains: “W2 information is highly prized by fraudsters involved in tax refund fraud, a multi-billion-dollar problem in which thieves claim a large refund in the victim’s name, and ask for the funds to be electronically deposited into an account the crooks control.”

The IRS says that tax-related phishing scams are up 400 percent this year.

“If your CEO appears to be emailing you for a list of company employees, check it out before you respond,” said IRS Commissioner John Koskinen in a statement. “Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”