'Please be extra vigilant': NC schools warned about email scam seeking private info
Posted March 20
Raleigh, N.C. — Melisa Jessup checked her email. In her inbox was a strange request from her boss, Stokes County Schools Superintendent Brad Rice.
I want you to compile and email W-2 copy of "All Employees" wage and tax statement for 2016. Kindly prepare and attach the lists in PDF file type and email them to me for review as soon as possible.
Something about the email didn't seem right. Why would the superintendent need employees' private tax information emailed to him? And where was the school district logo, which was normally included in his emails?
"I knew it was a phishing scam," said Jessup, who works as executive director of human resources and public information officer at the school system.
She immediately alerted the district's technology department, which confirmed that a scammer, pretending to be the superintendent, was trying to get school employees' personal information. The scammer used an AOL email address but made it appear as if the email came from the superintendent's official school account.
Stokes County wasn't the only school system affected in North Carolina. Last month, the state Department of Public Instruction emailed school finance officers with a warning that scammers had targeted several school districts in the state, with one falling victim to the hoax.
"The email will appear to come from your (school district) superintendent or other top administrator," state officials warned. "Please be extra vigilant about these types of scams during this tax season."
The W-2 phishing attack has been targeting schools across the country. The Internal Revenue Service issued an urgent warning last month, calling the scam "dangerous," and saying it had spread from the corporate world to school districts, tribal casinos, chain restaurants, temporary staffing agencies, healthcare and shipping and freight.
“This is one of the most dangerous email phishing scams we’ve seen in a long time," said IRS Commissioner John Koskinen. "It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme."
In North Carolina, scammers tried, and failed, to get personal information from Stokes County Schools and Mount Airy City Schools. But Davidson County Schools was not as lucky.
Last month, Davidson County school employees received a memo stating that their W-2 forms were sent out in response to a phony email request from someone pretending to be the superintendent, according to FOX8 in High Point. Names, addresses and social security numbers were some of the things compromised, the station reported.
Davidson County Superintendent Lory Morow apologized to employees for the breach.
"I know this is a stressful time for you and your family, and I apologize to everyone dealing with this situation," Morow said, according to FOX8. "Please know that we are working diligently to address this error and we are currently coordinating with our insurance carrier to set up credit monitoring services and a call center to support employees."
Mount Airy City Schools received the same scam email but was able to avoid problems after a payroll specialist reported it to her boss.
"The wording of our email matched what we are seeing from others," said Carrie Venable, Mount Airy schools' public information officer.
In Stokes County, where school leaders also successfully avoided the scammer's trap, the superintendent took a screen shot of the bogus email and sent it to his leadership team.
"The email is personalized to the correct names of my staff," he wrote.
That personalization really shook Jessup, the school district's HR director.
"It was scary," she said. "You could tell whoever the hacker was, they had tried to study (and) do some homework."
What to do if you're the victim of a W-2 scam
Employers should report W-2 thefts immediately to the IRS so the agency can help protect employees from tax-related identity theft, according to the agency.
Organizations receiving a W-2 scam email should forward it to email@example.com and place "W2 Scam" in the subject line. Organizations that receive the scams or fall victim to them should file a complaint with the Internet Crime Complaint Center, operated by the Federal Bureau of Investigation.
Employees whose W-2 forms have been stolen should review the recommended actions by the Federal Trade Commission at www.identitytheft.gov or the IRS at www.irs.gov/identitytheft. Employees should file a Form 14039, Identity Theft Affidavit, if the employee’s own tax return is rejected because of a duplicate Social Security number or if instructed to do so by the IRS.
Affected employers and companies should also alert the state tax agencies by notifying StateAlert@taxadmin.org.