Scammers are smart these days — finding new ways to trick honest people every day.
This time, a scam involving fraudsters pretending to be company CEOs has put thousands of employees’ information at risk.
According to the FBI, this type of scam has cost companies over $2 billion dollars worldwide. And it’s an easy crime to commit, because all you really need is a computer and an Internet connection.
How the scam works
Fraudsters pose as CEOs or higher ups in a company and ask for information such as employee W-2s, or even ask an employee to wire money to an overseas bank account.
Here is the text of an example email requesting W-2 information:
‘I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.’
And the losses are huge. Just in the last six months, $800 million has been lost, according to CNBC.
‘Criminals don’t have borders and this is a global problem,’ said James Barnacle, chief of the FBI’s money laundering unit. ‘We’re working with our criminal investigation resources, our cyber resources, our international operations divisions — which is all our legal attachés overseas — and we’re working with foreign partners around the world to try to tackle this crime problem.’
Though authorities are trying to round up the thieves, it is difficult. These hackers are located all over the world and working with international law enforcement can be difficult.
Companies that fell for the scam included Snapchat, Seagate and Moneytree, among others.
What to do if you’re a victim
If your company has notified you that it was the victim of the CEO scam and your information was compromised, you’ll definitely want to consider doing a credit freeze. This would protect your identity in the event one of the scamsters tried to steal your identity.
For Clark’s guide on credit freezing and thawing click here.
How to avoid similar scams
Phishing is a way for criminals to carry out identity theft by using fake websites, emails and robocalls to try and steal your personal information — including passwords, banking info, Social Security number and other sensitive data.
Here are some tips to help you protect your information from scammers:
- When it comes to spotting potentially-dangerous websites, before you go to an unknown site, double-check the spelling of the web address/URL by first doing a search for it.
- If you receive an email claiming to be from your bank or other company that has your personal information, don’t click on any of the links. It could be a scam. Instead, log in to your account separately to check for any new notices. You can also call the company about the information sent via email.
- Also, don’t click on any links in an email you weren’t expecting. Do a search about whatever the sender claims to want or be offering you to make sure it’s legitimate. If you aren’t sure, do a search for the company and call them directly.