New "phishing" scam sees hackers pose as CEOs
Simply replying to a basic email request can turn tax season into scam season.
Picture this scenario: you work in a company's human resources office and receive an email from your CEO or another high-level manager instructing you to forward personal information about employees. What should you do?
The Internal Revenue Service strongly urges you to check it out before sending any confidential information. That's because tax season is turning into scam season. Cunning hackers have hatched a new scam that sees them pose as company managers in their quest to snare sensitive data, including Social Security numbers.
WBFO reached out to a data security expert for insights into the latest phishing scheme. Attorney F. Paul Greene of the law firm Harter Secrest & Emery said companies must remain vigilant.
"These hackers and scammers always look for the path of least resistance," Greene said.
The scheme relies on what is known as a "spoofing" email, which often carries the actual name of the company CEO and appears to ask for W-2 tax documents, earnings summaries, Social Security numbers or other sensitive data.
Some of the fake emails have used wording such as: "I need them in PDF file type. You can send as an attachment. Kindly prepare the lists and email them to me asap."
While few people have any desire to question their bosses, experts say it's critical that people who have access to confidential data double-check with organization officials before distributing such information.
"One approach that we see that works very well is to instill a culture of security in the organization to empower folks all along the information chain to raise their hands and ask questions," Greene said.
He added that the latest ploy only proves that some cybercriminals are trying to stay one step ahead in their illicit game.