U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

All current and past Seagate employees victims of W-2 phishing

w-2-phishing – Scammers tricked an employee at data storage firm Seagate Technology into giving away W-2 tax documents on all current and past employees. According to a new sensation case revealed by the popular security expert Brian Krebs, cyber criminals last week tricked an employee at data storage company Seagate Technology into giving away W-2 tax documents on all current and […]

All current and past Seagate employees victims of W-2 phishing

w-2-phishing – Scammers tricked an employee at data storage firm Seagate Technology into giving away W-2 tax documents on all current and past employees.

According to a new sensation case revealed by the popular security expert Brian Krebs, cyber criminals last week tricked an employee at data storage company Seagate Technology into giving away W-2 tax documents on all current and past employees.

The leaked documents include Social Security numbers, salaries and other personal data that could be used by criminals for illegal activities.

The first thought is for tax refunds from the Internal Revenue Service (IRS), in fact, the data could be used by hackers to file phony tax refund requests.

W-2 phishing is becoming very popular in the criminal ecosystem, W-2 information could be used by fraudsters to file victim’s taxes and request refunds in their name.

According to Seagate, the incident occurred on March 1, Brian KrebsOnSecurity was informed of the case from a former Seagate employee who received a written notice from the company.

“On March 1, Seagate Technology learned that the 2015 W-2 tax form information for current and former U.S.-based employees was sent to an unauthorized third party in response to the phishing email scam,” announced the Seagate spokesman Eric DeRitis said. “The information was sent by an employee who believed the phishing email was a legitimate internal company request.”

“When we learned about it, we immediately notified federal authorities who are now actively investigating it. We deeply regret this mistake and we offer our sincerest apologies to everyone affected. Seagate is aggressively analyzing where process changes are needed and we will implement those changes as quickly as we can.”

DeRitis told to Krebs that several thousand former and current employees, anyway the number is less than 10,000.

It is curious to note that a few weeks ago Krebs published a post warning about email phishing scams targeting finance and HR personnel that spoof a letter from the organization’s CEO requesting all employee W-2 forms.

“With tax filing season in the United States well underway, scammers who specialize in tax refund fraud have a new trick up their sleeves: Spoofing emails from a target organization’s CEO, asking human resources and accounting departments for employee W-2 information.” wrote Krebs in the blog post 

Seagate is offering affected employees at least two-years membership to Experian’s ProtectMyID service.

The U.S. Federal Trade Commission (FTC) tracked a 47% percent increase in identity theft complaints in 2015, and tax refund frauds represents a significant portion of the complaints.

w-2-phishing Identity Theft

Krebs invites users to give a loot to his post “Don’t Be A Victim of Tax Refund Fraud in ’16” to avoid ugly surprises for more tips on avoiding this ID theft headache.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – w-2 phishing, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]