State workers’ W-2 info compromised in phishing scam

At least 500 state workers fell prey to a phishing scam on Thursday, and state officials say the tax records of as many as 50 employees were compromised.

An email with the subject line “IMPORTANT TAX RETURN DOCUMENT AVAILABLE” took unsuspecting state workers to a dummy login landing page that replicated the Department of Human Resources website. The email encouraged employees to click on a link to get access to W-2 information.

State workers who entered their user name and password were taken to a W-2 form with their name, address, social security number and bank account number.

The scammers could then view the personal information.

Richard Boes, commissioner of the Department of Information and Innovation, said his agency tries to educate people not to click on phishing attacks, but “this one was a little better than the other ones — it looked more professional.”

Boes said DII shut down all outside access to the system so that even if someone clicked on the link they wouldn’t go to the phishing site.

The phishing scam began hitting state workers’ email inboxes at 10:57 a.m. Thursday. Human Resources sent out a warning to state employees about the scam at 11:33 a.m., and a warning from the Department of Information and Innovation followed at 11:43 a.m. The warnings from DII were sent to select groups of state employees over the course of the day, some coming through at 3:38 p.m. All state workers were notified by DHR and DII on Friday morning, state officials say.

DII notified the Department of Human Resources “mid-day,” according to commissioner Maribeth Spellman.

“It’s one of those situations that sort of starts and people try to figure it out and put processes in place to figure out where it is coming from and informing them,” Spellman said.

The email came from a Comcast account, not a Vermont.gov account. The IP addresses could be from anywhere in the world.

The Vermont State Police have opened an investigation, according to Darwin Thompson, deputy commissioner of DII. The Vermont Attorney General has also been notified and DII and DHR have complied with requirements for breaches of confidential information, Spellman says.

Thompson says the security of state payroll and tax systems has not been compromised as a result of the phishing incident.

Spellman said her department and DII have been working around the clock to identify potential victims and provide them with information about identity fraud, tax fraud assistance and credit reporting agency information. The departments have also contacted Microsoft to determine how the phishing attack got through the state email system.

“We were receiving calls on the help desk, walking through how to change passwords,” Spellman said. “We also forced changed everyone’s password in the system.”

DHR has been working with the Tax Department to flag accounts that may have been compromised.

Spellman said sophisticated fraud operations are active between now and February when employers provide W-2s to workers.

Criminals may try to file for tax refunds in other states, Thompson said.

Doug Gibson, spokesman for the Vermont State Employees’ Association, said that the union encourages employees who clicked on the link to contact DHR.

“It’s an unfortunate occurrence and we’re working with the state to make sure that everyone is receiving the protections they need,” Gibson said.

The text of the phishing email follows.

From: [email protected] [mailto:[email protected]] 
Sent: Thursday, January 21, 2016 10:58 AM
Subject: IMPORTANT TAX RETURN DOCUMENT AVAILABLE
 
Dear Account Owner,

Our records indicate that you are enrolled in the Vermont State paperless W2 Program. As a result, you do not receive a paper W2 but instead receive e-mail notification that your online W2 (i.e. “paperless W2”) is prepared and ready for viewing.

Your 2015 W2 corrected statement is ready for viewing, follow the link below

Click Here to Login

To opt out of  the Paperless W2 Program, please login to Employee Self Service at the link above and go to the W2 Delivery Choice webpage and follow the instructions. 

Vermont State’s Human Resource Management Systems

Anne Galloway

4 Comments on "State workers’ W-2 info compromised in phishing scam"

Chuck Shannon
6 months 1 day ago

How did this scammer get their email addresses? Sounds like the beginning of a nightmare for those affected. Someone stole my debit card number and even that was a nightmare!

Ned Pike
6 months 15 hours ago

Simple. VT e-mail addresses are generally public records. They’re right in the online directory.

http://www.vermont.gov/phonebook/index.php?pg=quick

rosemarie jackowski
6 months 1 day ago

Is there anyone who believes that medical records can be private now that they are digitized? There is no such thing as privacy any more. This is the Brave New World of the Internet. Ted Kaczynski warned us.

David Dempsey
6 months 11 hours ago

Commissioner Spellman,

It’s 11:30pm Saturday. Hope your around the clock investigation is going well. Your diligence is exemplary.
