You may have heard of the CEO scam: that’s where spear-phishers impersonate a CEO to hit up a company for sensitive information.
That’s what happened to Snapchat, when an email came in to its payroll department, masked as an email from CEO Evan Spiegel and asking for employee payroll information.
Snapchat’s payroll department fell for it. Ouch.
Here’s a turn of that same type of screw: the Internal Revenue Service (IRS) last week sent out an urgent warning about a new tax season scam that wraps the CEO fraud in with a W-2 scam, then adds a dollop of wire fraud on top.
A W-2 is a US federal tax form, issued by employers, that has a wealth of personal financial information, including taxpayer ID and how much an employee was paid in a year.
This new and nasty dual-phishing scam has moved beyond the corporate world to target nonprofits such as school districts, healthcare organizations, chain restaurants, temporary staffing agencies and tribal organizations.