More companies hit by fake CEO attack to steal employees’ payroll information

It’s not just Seagate and Snapchat staff who should have just said “no” to the CEO.


It seems that February was a busy month for scammers, who managed to trick a number of companies into coughing up confidential payroll information about their staff.

I’ve already described how workers at Snapchat and Seagate were duped into believing that they were helping out a senior member of their management team when they sent out IRS W-2 tax forms (which include such sensitive information as workers’ social security numbers, salaries, and addresses) to an attacker.

But now, as suspected, it has become clear from documents filed with the authorities that other companies fell foul of the same scam.


Corporate victims have included uniform rental service AmeriPride, IT firm Actifio, Billy Casper Golf, and media company Evening Post Industries – all of whom appear to have fallen for the same trick.


There’s an important lesson for companies and staff to learn here, as I explained in a recent YouTube video about the Snapchat breach: it’s okay to say no to your CEO.

If you haven’t run an awareness campaign to train your staff about the dangers of targeted phishing attacks, and just how easy it is for criminals to forge an email which appears to come from your CEO, then you are playing a dangerous game with your staff’s personal information.

Security means sometimes saying no to your CEO | Graham Cluley

The very real risk is that criminals will exploit the stolen information by creating online accounts with the IRS in order to fraudulently claim tax refunds.

Hat-tip: databreaches.net.



Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.
