I’ve talked how clerks, nurses, and doctors at various clinics and hospitals have been clueless. They click on every eMail, opening up zip files, Word documents, even PDF (portable document files) that are laden with malware, ransomware, and viri.

You’d expect the payroll departments or human resources (HR) departments to be better populated?  Why?  The clerks in the hospital are paid no worse than the clerks in your company’s firm.  And, are probably just as cognizant of the dangers everyone else about such malware.  (In other words, totally f…..g  clueless.)

Except, many of these hackers have upped the ante.  Because hackers are desperate to get into law firms’ data, where they acquire eMail addresses and identities of corporate executives (plus valuable corporate plans and missions).  Now, these hackers can send eMail requests to payroll and HR departments asking for W-2 forms and a slew of other tax information.

And, now, your identity is gone.  These hackers have your name, your social security, last year’s income data- and they gain full access to your tax records.  So, next year, they can file false returns under your name and gain great rewards- such as tax refunds under your account.  Or, they could apply for credit cards in your name, since they have all the salient information- your employer, your salary, your social security number, etc.  In other words, those clueless clerks have toasted and roasted you.

Think I am exaggerating the problem?  (Why?  When have I ever done that?)  But, here’s a few of the firms that have screwed their employees- Weight Watchers, Seagate, Perkin Elmer, Sprout’s Farmer’s Market, even a golf course (Billy Casper Golf).   And, that’s just the ones who owned up to this stupidity.

Some clerks at firms have even been stupid enough to wire funds to an offshore account.  Because an eMail spam requested they do so.  Not a few firms- 7000 at least.  Who ‘donated’ ¾ of a billion dollars to these crooks.

According to the FBI, this is a global problem.  From December 2014 through February 2016, this activity has soaked up $2.3 billion from corporate economic gains.  17642 companies in 79 countries got sucked in by this trap.

And, compared to hacking into someone’s computer network, this is a low-tech activity.  It doesn’t take sophistication of any sort- just the stupidity of the receiver.  Yes, I call it stupidity because, in today’s society, this sort of scam is well known.  Both the employer for not training (and retraining and retraining) staff and the staff themselves should never succumb to such scams.

(To be honest, this is one of the reasons why our firm ALWAYS uses signatures (not that they can’t be stolen, but ours are not generic at all) is to inform our clients [and friends and relatives] that this message is really coming from us.)

Share this: