The 2017 W-2 Phishing Victims List continues to grow, and I’m not posting most of them as individual reports, but one news story involving Monarch Beverage Company in Indianapolis deserves special mention because as CBS reports:
While investigating this incident, the company discovered the same thing happened in April 2016. A scammer posing as the CEO asked for the 2015 forms on April 4, 2016. Those forms were provided by the employee.
So yes, I went back to the 2016 W-2 Phishing Victims list and added the company to that list, too, bringing the 2016 list to 146 entries. The 2017 list stands at 30 entries as of the time of this posting, but given that this is only the beginning of February, that number will undoubtedly grow.
Update: and now there’s a second report where a firm investigating reports from this year confirmed a problem this year, but also found the source of their employees’ reports of problems last year. I’ve now added Land Title Guarantee Company to the 2016 list as well as to the current list. Unfortunately, one employee fell for phishing emails twice last year (in March and May of 2016), and an employee fell for a phishing email this year. Hopefully, Land Title is doing intensive training and retraining on avoiding phishing.