Anne Galloway reports that at least 500 Vermont state employees fell for a phishing scam on Thursday that compromised at least 50 employees’ W-2 information.
Galloway provides the text of the phishing email in her report. Had the employees checked the From address, they might have been suspicious that it wasn’t from a .gov address, and the fact that so many employees fell for this one suggests the state needs a re-training session on phishing:
From: ESSW2@vermont [mailto:[email protected]]
Sent: Thursday, January 21, 2016 10:58 AM
Subject: IMPORTANT TAX RETURN DOCUMENT AVAILABLE
Dear Account Owner, Our records indicate that you are enrolled in the Vermont State paperless W2 Program. As a result, you do not receive a paper W2 but instead receive e-mail notification that your online W2 (i.e. “paperless W2”) is prepared and ready for viewing. Your 2015 W2 corrected statement is ready for viewing, follow the link below Click Here to Login To opt out of the Paperless W2 Program, please login to Employee Self Service at the link above and go to the W2 Delivery Choice webpage and follow the instructions. Vermont State’s Human Resource Management Systems
I would also have been suspicious of the “Dear Account Owner” instead of “Dear Employee” salutation, but I’m just a suspicious sort by now.
Read more on VTdigger.com.