17,000 American Senior Communities Employees are Victims of W-2 Phishing Scam
We are in the midst of tax season, which unfortunately means many Americans are at risk for fraud on their tax returns. About 17,000 American Senior Communities workers have had to face that reality. Employees reported they were unable to file a federal tax return, as the IRS said their return was a duplicate.
According to SC Media, cybercriminals were able to obtain employee W-2s when a company payroll worker fell for a phishing scam in January. Apparently, the fraudster posed as an American Senior Communities senior executive and requested a copy of all 2016 employee W-2 forms. The payroll worker, believing it was a legitimate request, sent the information to this unauthorized individual. The company was unaware of the breach until February 17, when a number of employees began reporting their tax returns were being declined.
As soon as they learned of the incident, the company notified employees and reported the attack to law enforcement, the Indiana Attorney General and the Indiana Revenue Department. Unfortunately, the information has already been used to file fake tax returns.
“No resident or personal health information was obtained during this attack. ASC takes privacy seriously and deeply regrets that the incident occurred and offers our sincerest apologies to everyone affected,” the company said in a statement.
The IRS warns against this type of scam on its website and urges employees to report phishing attacks immediately.
“This is one of the most dangerous email phishing scams we’ve seen in a long time. It can result in the large-scale theft of sensitive data that criminals can use to commit various crimes, including filing fraudulent tax returns. We need everyone’s help to turn the tide against this scheme,’’ said IRS Commissioner John Koskinen.