More companies hit by fake CEO attack to steal employees’ payroll information

It’s not just Seagate and Snapchat staff who should have just said “no” to the CEO.

It seems that February was a busy month for scammers, who managed to trick a number of companies into coughing up confidential payroll information about their staff.

I’ve already described how workers at Snapchat and Seagate were duped into believing that they were helping out a senior member of their management team when they sent out IRS W-2 tax forms (which include such sensitive information as workers’ social security numbers, salaries, and addresses) to an attacker.

But now, as suspected, it has become clear from documents filed with the authorities that other companies fell foul of the same scam.

Corporate victims have included uniform rental service AmeriPride, IT firm Actifio, Billy Casper Golf, and media company Evening Post Industries – all of which appear to have fallen for the same trick.

There’s an important lesson for companies and staff to learn here, as I explained in a recent YouTube video about the Snapchat breach: it’s okay to say no to your CEO.

If you haven’t run an awareness campaign to train your staff about the dangers of targeted phishing attacks, and just how easy it is for criminals to forge an email which appears to come from your CEO, then you are playing a dangerous game with your staff’s personal information.

[Video: Security means sometimes saying no to your CEO | Graham Cluley]

The very real risk is that criminals will exploit the stolen information by creating online accounts with the IRS in order to fraudulently claim tax refunds.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
