INDIANAPOLIS (WISH) — The Indiana Attorney General is now warning businesses and organizations to be on high alert after three companies in the Hoosier state became targets of an email phishing scam.
The scammers are getting very sophisticated with their operation. One Indianapolis company was fooled twice.
Security experts said scammers are researching the companies, disguising and redirecting actual email addresses to go somewhere else.
“Soon as you hit send, it’s gone so that’s the problem,” said Eric Schmidt, Chief Security Information Officer for Butler University. “Soon as you hit send that information is gone.”
In this day and age where everyone is trying to protect their personal and financial information, scammers are working one step ahead to gain access online.
“It’s hard to just look at the email anymore, to look at the content of the email to say this is good or this is bad,” he said.
“It used to be that you could look at the emails that came in and you could tell it was poor English, it didn’t make a lot of sense,” he said, “But they’ve gotten very sophisticated over the past few years.”
Investigators said scammers would pose as the CEO of a company and would ask for copies of the tax documents in an email.
“These scams are a social engineering attack is what we call them and it goes by a person’s willingness to help their boss or to help somebody else who called asking for something,” he said.
So what should you be looking for in an email to make sure it’s legitimate? Schmidt said always double check the sender’s email address.
“When you look at the ‘to’ line it will have the individual’s name or the boss’s name for example,” he said. “But if you float your mouse cursor over that a lot of times it will reveal the real email address it’s going back too.”
Schmidt said it’s also important for companies to have procedures in place when sending highly sensitive information.
“When somebody ask for that, we either call back to make sure that’s what they need or don’t reply back to an email and open up a new email, type in the boss’s email and send that way,” he said.
The Internal Revenue Service said the W-2 scam is one of the most dangerous email phishing scam the agency has seen in a long time.
The attorney general is also encouraging people affected by the scam to sign up for a credit freeze to protect yourself from becoming a victim of identity theft.