INDIANAPOLIS, Ind. – For the third time in less than a month, a major Indianapolis employer is tricked into disclosing personal tax information for thousands of employees.
Officials at American Senior Communities said in a statement they have been hit by a sophisticated phishing attack targeting their employees, but not their residents.
Police wouldn’t say how many employees fell victim, but say the number may be as high as 17 thousand.
According to a statement from the company, in mid-January offshore scammers posing as a high level A-S-C executive requested copies via e-mail of employee’s W2’s.
The payroll processer complied, handing over thousands of sensitive tax documents.
“The emails being sent look very authentic. They look like they’re coming from the person who’s listed as the sender,” said Betsy Isenberg with the Indiana Attorney General’s office.
ASC isn’t alone. Two weeks ago, Monarch Beverage fell victim to the same crime. While investigating the incident, they learned the same thing happened to them last year.
In late January, scammers also tricked a Scotty’s Brewhouse payroll employee into leaking around 4,000 W-2 forms.
“In the world we live in, everyone is quick to respond to email but it`s better to take a step back,” said Isenberg. “Use your common sense and call the person and make sure they are really sending you the email.”
ASC admits they first noticed the breach last Friday, when employees reported their tax returns were being rejected because the scammers had filed on their behalf.
A spokesperson said no personal health information was stolen, but the Attorney General’s office still hopes the case serves as a warning for companies everywhere.
“When you’re not sure if an email is coming from someone in the company, pick up the phone and ask them.” said Isenberg.
Officials with A-S-C didn’t want to go on camera, but say they have set up a toll free line to answer employees questions about the breach.
All three companies affected are now offering the victims free credit monitoring for employees.