Email spoofing scam resulting in W2 fraud

(WFLA) — You would never expect your company to willingly hand over your personal information to a hacker, but it’s happening all the time. That’s because hackers are spoofing the email addresses of CEOs, so employees don’t realize they’re sending sensitive information to a hacker until it’s too late.

In some cases, hackers are obtaining W2 information so they can fill out bogus tax returns and make off with refunds.

The FBI refers to the scam as “Business Email Compromise,” and it can come in different forms. Between October 2013 and March 2016, the FBI reports more than 12,000 cases of BEC in the U.S. resulting in more than $900 million in losses. In Florida, there are more than 700 reported cases resulting in more than $29 million in losses.

In one incident, hackers targeted a law firm. According to a letter sent by the firm to the Attorney General in New Hampshire, an email looked like it came from the CEO and the employee willingly sent W2 forms to the hacker.

Stu Sjouwerman, Founder and CEO of KnowBe4, Inc, said there are methods companies can use to ward off these types of scams.

“Reconfigure the email servers. Make sure an email that comes from the outside, shouldn’t be able to get in. So they can block that,” he said.

The IRS has a form for victims of ID theft. It can be filed before fraud occurs, or after – including when hackers file returns and make off with refunds.

Helpful links:

IRS Identity Theft Affidavit:

Free Email Spoof Test from KnowBe4, Inc:

Report crime through the FBI’s Internet Crime Complaint Center:

Phishing/Spoofing tips from the FBI:

– Be suspicious of any unsolicited email requesting personal information.
– Avoid filling out forms in email messages that ask for personal information.
– Always compare the link in the email to the link that you are actually directed to.
– Log on to the official website, instead of “linking” to it from an unsolicited email.
– Contact the actual business that supposedly sent the email to verify if the email is genuine. provides commenting to allow for constructive discussion on the stories we cover. In order to comment here, you acknowledge you have read and agreed to our Terms of Service. Commenters who violate these terms, including use of vulgar language or racial slurs, will be banned. Please be respectful of the opinions of others and keep the conversation on topic and civil. If you see an inappropriate comment, please flag it for our moderators to review.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s