We know that the above e-mail couldn’t be real for a few reasons: Consumerist doesn’t have our own payroll department, and Olivia is a cat. Yet there’s a new variation of the now-classic CEO scam, where someone impersonates your boss over e-mail and requests a massive wire transfer. In this version, the boss impersonator does exactly what Fake Meg does above: they request a file of employee W-2 forms enabling them to commit identity theft, including filing fraudulent tax returns.
Krebs on Security reports that this variant showed up in the mailbox of someone in the accounting department of, appropriately enough, a company that provides training on security awareness. Fortunately, the appropriate staff members were well-trained enough to be suspicious, and knew not to send such sensitive documents by e-mail in the first place, and knew that the e-mail itself looked rather fishy.
The e-mailer wasn’t connected with the company and definitely wasn’t the CEO. “Imagine if we would have sent off those W-2’s!” the real CEO told Brian Krebs. “It would have opened up our employees to identity theft because the W-2’s have their full name, address, wages and Social Security number.”
Phishers Spoof CEO, Request W2 Forms [Krebs on Security]