‘Spear Phishing’ W-2 Scam Targeting Businesses and Tribal Organizations
You may have heard of online 'phishing' expeditions, but now there's a new scam targeting businesses called 'spear phishing.'
Investigator for the Montana Office of Consumer Protection, Marcus Meyer, said his office has received multiple reports of businesses being targeted by a sophisticated 'spear phishing' scam, also known as the 'CEO' or 'W-2' scam. Meyer details how the ruse works.
"The scammer will send out emails to members of the organization claiming to be the CEO or the CFO, and requesting W-2 information," Meyer said. "If that information is sent out, then that company becomes the victim of a data breach, and all data breaches are required by law to be reported to the Office of Consumer Protection."
Meyer said the targeted business, nonprofit or tribal organization is required to provide certain information to the Office of Consumer Protection so that the public can be notified of the data breach.
"They need to provide us with how many Montana citizens were affected by that breach," he said. "We also need to know the time frame of when that happened, what type of information was stolen, whether it may be a W-2, medical records or other account information."
Meyer said as of Thursday, March 23, three businesses in Montana have fallen victim to this scam so far this tax season, The Internal Revenue Service warns that this scheme is meant to compromise the personal information of as many people as possible within each targeted organization.
Anyone who believes that may have fallen victim to this 'spear phishing' scam is asked to contact the Montana Office of Consumer Protection at (800) 481-6896 or (406) 444-4500.. You may also contact the office by clicking here.