Log in

New Scam Alert: Protect Your Information Online

RALEIGH, N.C. : February 13th, 2017 - In North Carolina, phishermen are hauling in record-breaking catches. Back in 2015, six data breaches in the state were blamed on phishing and a total of 156 consumers were affected. In 2016 that number ballooned to 209 data breaches, with more than 19 thousand North Carolinians impacted. The Attorney General’s Office has received reports of 18 W-2 phishing breaches since the beginning of 2017, with 10 of those reports coming in the last week.
To avoid falling for a fraudulent email seeking money or personal information:
1) Verify that the message is authentic. This can be as simple as picking up the phone to confirm that the person named in the email actually sent the message.
2) Set a strict policy for wire transfers and disclosure of employee information. For example, require that such requests cannot be made solely by email or must be confirmed by telephone.
3) Warn employees about email scams and encourage them to report fraudulent emails they get.
Businesses, organizations and private citizens can report email scams to the Attorney General’s Consumer Protection Division by filing a consumer complaint online or calling 1-877-5-NO-SCAM toll-free within North Carolina. Consumers who are victims of a security breach can also get tips on steps to take to minimize the damage at ncdoj.gov
The N.C. Department of Revenue, along with the Internal Revenue Service and other state tax agencies, is cautioning businesses about an email scam that uses a corporate officer’s name to request W-2 information from company payroll or human resources departments. The information is then used to file fraudulent tax returns and claim the resulting refunds.
NCDOR officials urge business owners and CEOs to warn their human resources departments about unusual requests for their employees’ withholding information.
The payroll scam first appeared in North Carolina last year and has already resurfaced in 2017. This phishing variation is known as a "spoofing" e-mail. It will contain, for example, the actual name of the company chief executive officer. The "CEO" sends an email to a company payroll officer or human resource employee and requests a list of employees and information including social security numbers.
The following are examples of the verbiage and details that may be contained in the emails (note the incorrect grammar):
• Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
• Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
• I want you to send me the list of W-2 copy of employees wage and tax statement for 2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.
Visit http://www.dornc.com/individual/identitytheft.html for more information on preventing tax-related identity theft.