Tax season is here and with that comes the increased risk of the bad guys trying to steal your data and identity. Morton, Illinois, school district 709 was recently a victim of CEO fraud, a type of phishing email used to extract sensitive data from a target. The CEO fraud email is basically an email that is masquerading as a legitimate email from someone who might actually require the information being asked for. In the Morton, Illinois, case, the email appeared to come from the Superintendent of the school district, Lindsey Hall.
If the email is successful and the target is duped, the attacker has all the information they need to wreak havoc with the information that was freely given to them. In the Morton, Illinois, case, the target did indeed send the information requested, which included district employees social security numbers. The emails were traced and the district claims they originated in Russia.
“Upon learning about the security breach, we took immediate steps by contacting the police department as well as the school district insurer to provide all employees with tracking tools to monitor any possible illegal use of the social security numbers,” Hall said in a statement. “We apologize for this email intrusion and we will continue to work with the police investigators to try and identify how this happened and to take steps to ensure that it cannot happen again.”
The Morton, Illinois, incident isn’t the first, Campbell County Health in Gillette, Wyoming, also fell victim to CEO fraud last week, and Snapchat was hit with a similar attack last February. The story is nearly identical to the Morton story, both were victims of social engineering.
“It appears that an unauthorized individual, impersonating a CCH executive, contacted an employee requesting W-2 information for all of our employees who had taxable earnings in calendar year 2016,” said Andy Fitzgerald, CEO of Campbell County Health. “We take this matter and the security of personal information very seriously at CCH and we will continue to review and enhance our security practices to further secure our systems,” Fitzgerald said.
Companies and institutions should be on high-alert these next few months as tax season swings into full bloom. It seems this phishing scam could become a prime weapon for those seeking to take advantage of many people.
What do you think of the CEO fraud phishing scam? Let us know in the comments below or on Twitter, Facebook, and Google+.