Oklahoma School Breached by W-2 Phishing Scam

Media Division | March 3, 2017

There is a multitude of methods that cyber attackers will employ to breach organizations and individuals.  Phishing scams tend to be one of the most common forms of attack.  A phishing attack that has been going around for the past couple years is one targeted at W-2’s that are distributed around tax season.  An attacker will pose as an executive, and send crafted emails to HR or finance employees requesting the staffs W-2’s, to which employees who fall victim will send the documents.  This scam recently hit a school in Yukon, Oklahoma.

How the Breach Happened

In the recent attack, a hacker posing as Jason Simeroth, superintendent of Yukon public schools succeeded in convincing an HR employee to send the tax documents of around 1,300 full time and part time employees of the school system.  When the email was first received, the HR director had gone to Simeroth to verify the request, which he of course immediately said that he had not sent the email.  But unfortunately, one employee had fallen to the scam.  The incident was then reported to the Yukon Police Department, who said in their report that there was nothing that they could do.  The school had also reported it to the IRS, FBI, and even the Secret Service.

Purloined W-2’s can be used for a few different illicit activities.  For one, they give a criminal access to the employee’s social security numbers and other person information, which arises the potential for identity theft.  They can also be used to file fake tax returns so that the scammer can receive the refund.

This is unfortunately not the first incidence of this scam succeeding.  Another school district in Florida had also fallen victim to it last month as well.  It has been making its rounds this year, and the IRS had even put out a blog post warning of the scam.  The emails sent can appear to be very convincing, but there are often telltale signs to discover that it is a fake.  For one, phishing emails will commonly have spelling or grammatical errors that are quite blatant.  They will also have email addresses that may appear similar to the organizations, but there will be differences, such as @school.com.org, as opposed to @school.com.  The email addresses used may also be completely different and have no relation to the school address, but some simply overlook this.

What Organizations Can Do If They Are Breached

In the event that an organization receives one of these scam emails, the IRS has provided an email address that they can use to report it, which is phishing@irs.gov.  They also recommend that victims of the scam file a complaint with the Internet Crime Complaint Center (IC3), which is run by the FBI.  It is important that the IRS receive this information from any breached organizations so that they can be watchful of any fake returns that are filed.

Protecting Your Organization with Anti-Phishing Solutions

With the prominence of phishing attacks in the cyber world, it is critical that an organization stay protected from them.  Phishing attacks can be extremely clever, and a single undereducated employee can create a very large breach by following the instructions of the crafted emails.  Anti-phishing solutions can help to detect phishing campaigns around the web before they target your organization, and help to trace and eliminate the threat.  Massive Alliance’s anti-phishing solutions can help your organization to stay protected from these scams by stopping them in their tracks before they can launch an attack.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.