Information Security: Followup on Spearphishing Incident

I wrote some time back about a local restauranteur whose payroll department was taken by a spearphishing scammer impersonating the CEO via email. The scammer was sent W2 forms for around 4000 of the restaurant’s employees. As we all know the majority of any restaurant’s employees are low base wage and work for tips, and while some may be working their way while going to college by waiting tables, many others are supporting families at home. Therefore, these employees are ripe for the picking due to Earned Income Credit, personal exemptions, deductions, which in turn typically lead to large refunds for these employees. In this case, many of these employees likely had fraudulent tax returns filed by a scammer and any refunds due to the employee was stolen.

This particular data breach is now the subject of a federal lawsuit pending certification as a class action lawsuit. While this lawsuit will take a long time to work its way through court and likely will settle before judgement without anyone admitting liability, the legal ramifications of falling for a spearphish is, using a word of our current Commander-in-Chief, bigly. Always practice vigilance with email and be aware of any potential fraud. Remember these words from President Ronald Reagan – “Trust, but Verify”.