HELENA – The Attorney General’s Office of Consumer Protection released a statement on Wednesday saying the office has received reports of businesses being scammed by specifically targeting employees.

The OCP reports that the scams are particularly alluring because the scammers send emails that appear to come from co-workers and address the targeted recipient’s specific duties, therefore seem to be a legitimate source to gain access to sensitive personal identification and financial information.

“This ‘spear phishing’ scam is especially despicable because it takes advantage of the trust that colleagues build between each other,” said Montana Attorney General Tim Fox. “These cybercriminals often research their intended target by exploring the target recipient’s LinkedIn and other social media pages to build a convincing email. It’s easy to fall victim to those emails. Educating Montana businesses, charities, schools, tribal organizations, and others about the existence of this type of scam is the best defense we have,” Attorney General Fox added.

While OCP has only received reports of three businesses falling victim to this scam so far in Montana, nationally, other entities have been targeted in this scam, such as nonprofit and tribal organizations.

The scam also called “W-2 Scam” is designed to gain personal information from as many people as possible within each targeted organization.

As the April 18 tax deadline approaches OCP warns people not to give out any personal information so W-2 information cannot be compromised.

Specific details about the scam to be aware of include:

A person will pretend to be a company executive sending an email to a staff member, usually someone who works in the human resources or payroll department.

Cybercriminals use various ‘spoofing’ techniques to disguise the email address to make it appear as if it came from an organization executive.

The email requests a list of all employees’ W-2 information, including employees’ names, addresses, social security numbers, and wage information. This can not only lead to fake tax filing, but identity theft.

If you’ve received an unusual email, instead of responding, contact the alleged sender by phone or in person to determine the legitimacy of it. This will ensure that the information requested is not compromised.

If the request was not legitimate, the scam attempt should be reported to the IRS at phishing@irs.gov with ‘W2 Scam’ in the subject line, and reported to the Montana Department of Justice’s Office of Consumer Protection through OCP’s online reporting form here, or by phone at (800) 481-6896 or (406) 444-4500.

Report scams immediately to the IRS if W-2 information is compromised. You can also file a complaint with the Federal Bureau of Investigation’s Internet Crime Complaint Center.

Employees should file a Form 14039, Identity Theft Affidavit, if the employee’s own tax return rejects because of a duplicate Social Security number or if instructed to do so by the IRS.

Visit the Montana Department of Revenue’s identity theft website for more information.