Data belonging to the NBA's Milwaukee Bucks, tech company Seagate, and dozens of other companies and organizations was compromised because one of their employees “helpfully” responded to the phishing scam by sending along a PDF of the company’s W2 data.
Reports are starting to come in that universities are being targeted with this kind of spear phishing scam. One university reported that a message like the one below was sent to “a handful of very targeted folks in our Payroll and HR departments.”
Do you have a file or folder with all our employees’ most recent W2’s in
PDF? If yes, could you write back and attach the file to your message.
I need to run a review for an upcoming presentation.
VP, Finance & Administrative Services
If you ever receive a request for confidential student or employee information, always double-check that the request is legitimate and that the alleged requestor has a valid business or regulatory reason for requesting the information. And never send a file containing SSNs or other confidential information using unencrypted email.
Think B4 U Click!