Identity Theft on Steroids

identity theft

Protecting your identity and preventing scammers from getting your valuable information is no longer simply your individual responsibility.

Your identity can now be stolen through the company you work for and there’s little you can do about it. The criminals are not discriminating either. They target everyone, corporations, schools, tribal organizations and non-profits.

Business Email Compromise (BEC) Attacks

I recently read an online article posted by a company that provides news, analysis and research on security and risk management reporting that just since February 5th of this year, 23 organizations have been the targets of Business Email Compromise (BEC) attacks. The IRS considers these types of attacks on companies where the scammers gain access to W-2 records the most dangerous they’ve seen in a long time. And that’s saying something because the cyber criminals have been outdoing themselves year after year. And this one could be called identity theft on steroids since they can gain access to literally thousands of Ids in one fell swoop.

According to the IRS, in 2016 at least 145 organizations have disclosed BEC-related data breaches with each resulting in compromised W-2 data. They confirmed that the BEC victims include ten school systems, a software development firm, a utility company in Pennsylvania, at least one restaurant in Indianapolis, and businesses operating within the healthcare, finance, manufacturing, and energy sectors.

How the Scam Works

The restaurant in Indianapolis is particularly enlightening as to how this scam works. According to cbs4indy.com, the local news channel in Indianapolis, thousands of employees at Scotty’s Brewhouse had their W-2 information leaked to a scammer.

Here’s how it happened according to cbs4indy.com. “According to the police report, an individual posing as company CEO Scott Wise sent an email to a payroll account employee. The email requested the employee to send all 4,000 employees W-2 forms in PDF form.” The sad thing is, according to the report, “Chris Martin, director of HR/Payroll for the company, told police the email did not really come from Wise. However, the payroll account employee did email all 4,000 W-2 forms to the unknown individual.”

Tax Season and Criminals in High Gear

With tax season in high gear, the criminals have stepped up their attempts to gain access to as many Social Security numbers as they can. Do your best to protect your information on social media and beware of suspicious emails or phone calls that say they come from the IRS. You might want to speak to your human resources director and find out what systems your employer has in place to protect sensitive information.

Other than that, you might want to look into identity theft insurance. Apparently the rates range from $25 to $60 per year according to the National Association of Insurance Commissioners. Of course the insurance can’t protect you from identity theft, but it could include credit alerts, account and credit monitoring and reimbursement for the costs associated with repairing your credit history if you become a victim. However, identity theft insurance does not cover monetary losses.  Short of that, all I can do is advocate prayer. Pray that you manage to avoid becoming a victim of identity theft.