Excerpt from infographic at Cloudmark.com

This spring, employees at several companies were hooked by spear phishing emails that impersonated their bosses. The email asked for a copy of the company’s W2 data (employees’ names, SSNs, and other confidential data).

Data belonging to the NBA’s Milwaukee Bucks, tech company Seagate, and dozens of other companies and organizations was compromised because one of their employees “helpfully” responded to the phishing scam by sending along a PDF of the company’s W2 data.

Reports are starting to come in that universities are being targeted with this kind of spear phishing scam. One university reported that a message like the one below was sent to “a handful of very targeted folks in our Payroll and HR departments.”

Do you have a file or folder with all our employees’ most recent W2’s in
PDF? If yes, could you write back and attach the file to your message.

I need to run a review for an upcoming presentation.
Kind Regards,

Clyde Crashcup
VP, Finance & Administrative Services

If you ever receive a request for confidential student or employee information, always double-check that the request is legitimate and that the alleged requestor has a valid business or regulatory reason for requesting the information. And never send a file containing SSNs or other confidential information using unencrypted email.

Think B4 U Click!