A dangerous scam is now spreading from businesses to other types of employers, according to the North Carolina Attorney General’s Office. In the scam, a worker in the human resources or payroll department receives an email from the CEO or a top executive. The message requests W-2s or other private information about the organization’s employees. But it is a phishing email, a convincing-looking fake, and the confidential information is delivered into the hands of crooks. The IRS has just issued a warning to all employers about this scam.
In North Carolina, phishermen are hauling in record-breaking catches. Back in 2015, six data breaches in the state were blamed on phishing and a total of 156 consumers were affected. In 2016 that number ballooned to 209 data breaches, with more than 19 thousand North Carolinians impacted. The Attorney General’s Office has received reports of 18 W-2 phishing breaches since the beginning of 2017, with 10 of those reports coming in the last week.
To avoid falling for a fraudulent email seeking money or personal information:
- Verify that the message is authentic. This can be as simple as picking up the phone to confirm that the person named in the email actually sent the message.
- Set a strict policy for wire transfers and disclosure of employee information. For example, require that such requests cannot be made solely by email or must be confirmed by telephone.
- Warn employees about email scams and encourage them to report fraudulent emails they get.
Businesses, organizations and private citizens can report email scams to the Attorney General’s Consumer Protection Division by filing a consumer complaint online or calling 1-877-5-NO-SCAM toll-free within North Carolina. Consumers who are victims of a security breach can also get tips on steps to take to minimize the damage at ncdoj.gov.