Holidays and the tax-filing season are considered by scammers to be very lucrative times of the year. After all, it is during these times of the year that employers usually find their hands full with documentation relating to their employees. Thus, there is a good chance that someone, somewhere within a firm's corporate structure might just get a little bit careless.

This year, a widespread phishing scam struck gold, managing to dupe numerous firms, including social media frontrunner Snapchat and disk drive maker Seagate Technologies, into releasing their employees tax documents. Of course, by doing so, the firms inadvertently placed their employees at risk.

The form that was successfully acquired by the fraudsters through the scam, the employees' W-2 tax forms, included sensitive data such as employees' incomes, personal addresses and even their social security numbers. In fact, W-2 tax forms are among the most widely used documents to claim false tax returns and refunds.

In a lot of ways, the reason behind the success of the phishing scam lies in the simplicity of the operation. The fraudsters simply sent out emails that were made to appear as if it was sent by each firm's top officials. For employees who are already knee-deep in employees' documentation during this time of the year, responding to the alleged "official" email with the requested information would come as second nature.

For a lot of the companies that were duped, the realization that they were scammed came a little bit too late.

Dave Morton, Seagate's chief financial officer, stated that the firm's mistake was strictly caused by human error. Seagate's fiasco allegedly happened on March 2 when an employee unknowingly forwarded the company's W-2 forms to the scammers. While the company immediately contacted federal authorities about the attack, the damage had been done.

"This mistake was caused by human error and lack of vigilance, and could have been prevented," he said.

For its part, Snapchat immediately apologized to its employees after the company was duped. Both the social media company and Seagate, as well as other firms that were scammed, have offered their employees two years of free credit monitoring.

"When something like this happens, all you can do is own up to your mistake, take care of the people affected, and learn from what went wrong," Snapchat wrote in a statement.

Despite the firms' offer of free credit monitoring and their heartfelt apologies, employees who would possibly get affected by the scam would still need to contend with all the headaches associated with fraud, or worse, even identity theft. 

@ 2024 HNGN, All rights reserved. Do not reproduce without permission.