The NBC Connecticut Troubleshooters warned of scammers taking aim at employees’ w-2 forms in March, now it has happened again in Hartford.
Officials warn employees that if they receive an email from their boss asking for personal information, confirm that the email is legit.
Authorities said the so-called phishing scammers are carefully selecting their targets by researching companies online for the names of CEO’s, the heads of human resources and even payroll.
The scammers then pick people with access to w-2 forms before concocting phony emails from the boss and requesting that data.
Detective Borkowski is with Major Crimes in Hartford, “In an effort to please the bosses, it is usually quickly sent.”
This is exactly what happened, Hartford investigators said to the Girl Scouts of Connecticut last week.
The police report stated a fake email was sent by scammers pretending to be the Girl Scout’s CEO requesting w-2 information, along with tax and wage data of all employees--372 people altogether.
Scammers were able to obtain names, addresses, yearly earnings, social security numbers and worker employee identification numbers.
Detective Borkowski told the NBC Connecticut Troubleshooters, “The employee was smart enough to encrypt it and then followed up with a password encrypted email and the scammers got the information that way. They did the right thing sending it to please the boss, but should’ve verified the email was actually who it was purported to be from.”
“But if you don’t know how to go behind the email and see what’s in the full email headers, you can’t tell by just looking at the email that it’s from the executive,” Supervisory Special Agent Martin McBride with the FBI New Haven told NBC Connecticut Troubleshooters.
McBride said they’ve received other similar complaints too but the volume is slowing.
Authorities urge employees to pick up the phone and verify these requests
McBride added, “Don’t reply to the email because your email is going to go to the scammer.”
Detective Borkowski stated, “The best way to stop it is to educate peoples and to encourage people to question whether they’re requesting that kind of info and to not be afraid to wait, verify the source of the email through actual person and ask questions if you think it’s suspicious.”
Last month the phishing scam in the parking company, Laz.
“The problem always been there because criminals are organizing/becoming way more sophisticated and education of public not keeping up with sophistication and evolution of scams so it’s harder to detect and more effective," McBride said.
A spokesman for the Girl Scouts of Connecticut tells the NBC Connecticut Troubleshooters, “Since this is an ongoing investigation with HPD, we will let them speak to it. Obviously we are concerned,” said Sharon Bellinger; Chief Marketing Officer.
HPD investigators believe scammers may be selling the information retrieved on the Internet for tax purposes or possibly to open lines of credit or credit cards. Hartford police department has a real time crime center staffed with analysts to look up IP addresses of the emails received and sent to hopefully track the info.