Scam Targeting Employee W-2s a Growing Threat - NBC Connecticut


(Published Friday, March 11, 2016)

The FBI has a warning about a new scam that it says uses the names of company CEOs to get employee information.

Crooks send an encrypted email to the human resources person at a company to make it look like an official company email from the CEO. Because the employee believes it’s an in-house email, the HR person or manager of payroll hands over employee W-2s without question.

This scam, also called the “CEO fraud” scam, is dangerous because if just one person falls for it, thousands of other people are at risk.

“The other people that it's affecting had nothing to do with giving up their information,” said FBI Special Agent Martin McBride. “So you got one person in a company that is giving up the information for everybody in the company, it's a huge risk.”

Earlier this week, the personal information of about 3,000 current and former employees of Affinion, which is based in Stamford, was exposed to the public because of this scam.

McBride said that overall, tens of thousands of people throughout the U.S. have had their W-2s exposed by it, and he thinks this is just the beginning.

Although cyber-scammers have been around for years, they are more sophisticated today, which makes them harder to catch. “They're harder to detect. They’re being more effective, you're no longer going for $10 or $20 at a pop they're going for the $100,000.00 bankroll.

“It's just gone to a new level.”

The FBI, IRS and Secret Service are working together to combat the “CEO fraud” scam. They believe stolen information will eventually be used to try to file fraudulent tax returns.

Experts say companies should educate all employees about the scam in hopes of preventing new victims. McBride also suggests employees make a phone call within the company and speak with an actual person to verify the request for W-2s before handing them over, no matter who has sent the request.