
State workers’ W-2 info compromised in phishing scam

At least 500 state workers fell prey to a phishing scam on Thursday, and state officials say the tax records of as many as 50 employees were compromised.

An email with the subject line “IMPORTANT TAX RETURN DOCUMENT AVAILABLE” took unsuspecting state workers to a dummy login landing page that replicated the Department of Human Resources website. The email encouraged employees to click on a link to get access to W-2 information.

State workers who entered their user name and password were taken to a W-2 form with their name, address, social security number and bank account number.

The scammers could then view the personal information.

Richard Boes, commissioner of the Department of Information and Innovation, said his agency tries to educate people not to click on phishing attacks, but “this one was a little better than the other ones — it looked more professional.”

Boes said DII shut down all outside access to the system so that even if someone clicked on the link they wouldn’t go to the phishing site.

The phishing scam began hitting state workers’ email inboxes at 10:57 a.m. Thursday. Human Resources sent out a warning to state employees about the scam at 11:33 a.m., and a warning from the Department of Information and Innovation followed at 11:43 a.m. The warnings from DII were sent to select groups of state employees over the course of the day, some coming through at 3:38 p.m. All state workers were notified by DHR and DII on Friday morning, state officials say.

DII notified the Department of Human Resources “mid-day,” according to commissioner Maribeth Spellman.


“It’s one of those situations that sort of starts and people try to figure it out and put processes in place to figure out where it is coming from and informing them,” Spellman said.

The email came from a Comcast account, not a account. The IP addresses could be from anywhere in the world.

The Vermont State Police have opened an investigation, according to Darwin Thompson, deputy commissioner of DII. The Vermont Attorney General has also been notified and DII and DHR have complied with requirements for breaches of confidential information, Spellman says.

Thompson says the security of state payroll and tax systems has not been compromised as a result of the phishing incident.

Spellman said her department and DII have been working around the clock to identify potential victims and provide them with information about identity fraud, tax fraud assistance and credit reporting agency information. The departments have also contacted Microsoft to determine how the phishing attack got through the state email system.

“We were receiving calls on the help desk, walking through how to change passwords,” Spellman said. “We also forced changed everyone’s password in the system.”

DHR has been working with the Tax Department to flag accounts that may have been compromised.

Spellman said sophisticated fraud operations are active between now and February when employers provide W-2s to workers.

Criminals may try to file for tax refunds in other states, Thompson said.

Doug Gibson, spokesman for the Vermont State Employees’ Association, said that the union encourages employees who clicked on the link to contact DHR.

“It’s an unfortunate occurrence and we’re working with the state to make sure that everyone is receiving the protections they need,” Gibson said.

The text of the phishing email follows.

From: [email protected] [mailto:[email protected]] 
Sent: Thursday, January 21, 2016 10:58 AM
Dear Account Owner,

Our records indicate that you are enrolled in the Vermont State paperless W2 Program. As a result, you do not receive a paper W2 but instead receive e-mail notification that your online W2 (i.e. “paperless W2”) is prepared and ready for viewing.

Your 2015 W2 corrected statement is ready for viewing, follow the link below

Click Here to Login

To opt out of  the Paperless W2 Program, please login to Employee Self Service at the link above and go to the W2 Delivery Choice webpage and follow the instructions. 

Vermont State’s Human Resource Management Systems



Anne Galloway
