Jim Hegarty, president of the bureau’s Omaha-Council Bluffs chapter, says the ruse could also expose thousands of workers to identity theft as the hackers disguise themselves as a company’s CEO in an email.
“Recently, a company’s CFO received an email asking for all of the employees’ W-2 tax statements to be sent to him in PDF format,” Hegarty says. “The CFO did the right thing. He reached out directly to the CEO saying, ‘Do you really need this from me?’ and the CEO had no idea what he was talking about.”
The con artists will hack into a company’s internal email servers and do reconnaissance for perhaps several weeks before launching their attack. “Often, it’s the result of the cyberhackers being in your system for quite some time in the background,” he says. “They sort of learn what’s going on in your organization and then they target emails specifically to try to take advantage of the knowledge they’ve gained.”
A local company, which was not identified, fell victim to the scam. “There was a CFO that received a correspondence from the company’s CEO on a really high-level deal that was occurring,” Hegarty says. “He needed money transferred in order to make it happen. Everything was to be kept confidential and the losses for this corporation were in the tens of millions of dollars.”
The best defense is having strong firewalls and remaining vigilant, checking up directly on any email requests that seem out of the ordinary or that involve employees’ personal information or large amounts of money.