INDIANAPOLIS (WISH) — The Indianapolis Metropolitan Police Department has confirmed another business has been hit by scammers using the W-2 ploy.
According to IMPD, American Senior Communities is the latest victim of the W-2 phishing scam. Police said the scam could impact thousands of employees.
ASC said the payroll processor responded to an authentic-looking email requesting copies of employee W-2 forms. The company is working with the Criminal Investigation Division of the IRS, the Indiana Attorney General’s Office, the Indiana Department of Revenue and local law enforcement on the case. Credit monitoring and reporting services will be offered to employees at the company’s expense.
“You should always pause, when sending an email that has sensitive information,” said Betsy Insenberg, who works in the AG’s consumer protection division.
Isenberg adds every employer should pause and verify the email, when getting an email for sensitive information. Sometimes Insenberg adds it takes a simple phone call.
Once ASC realized the personal information had been jeopardized, it contacted the Criminal Investigation Division of the IRS, the Indiana Attorney General’s Office, the Indiana Department of Revenue, and Indianapolis Metropolitan Police Department.
Recently, someone tried to phish an undisclosed school district for its W-2 information; however, the school researched the email and determined it wasn’t legit.
ASC adds that no resident or personal health information was taken in the phishing plot. Currently the senior housing provider has set up a toll free number to answer employee questions. The victims will receive free credit monitoring, and reporting services as well as assistance with tax filling concerns.
On Monday afternoon, ASC released this statement:
American Senior Communities (“ASC”) has discovered that its employees, like those in many other US companies this past year, have been the victims of a sophisticated and targeted phishing attack involving employee 2016 W2 forms issued in January 2017. In mid-January 2017, offshore scammers posing as a high level ASC executive, requested copies via e-mail of employee’s W2s. The payroll processor responded to the authentic looking e-mail by furnishing the requested information. ASC did not know of the security incident and unauthorized release of information until February 17 as the result of reports from employees that their tax returns were being rejected because someone else had already filed on their behalf.
Upon learning of these events, ASC promptly notified the Criminal Investigation Division of the IRS, the Indiana Attorney General’s Office, the Indiana Department of Revenue and local law enforcement. The company will continue to work with these authorities to resolve this unfortunate incident.
ASC began notifying its employees of the data theft on the same day it learned of the event and is setting up a toll free number to answer employees’ questions. All current and affected former employees will be provided, at ASC’s expense, free credit monitoring and reporting services as well as assistance with tax filing concerns.
No resident or personal health information was obtained during this attack.
ASC takes privacy seriously and deeply regrets that the incident occurred and offer our sincerest apologies to everyone affected.