There is an active phishing scheme targeting Washington school districts. The scheme targets human resources/payroll staff seeking sensitive W2 and payroll information. 

The senders present themselves as the school district’s superintendent, with a message like one the following:

• “I need W-2 copy list of all employees’ wage and tax statement for 2017. Kindly prepare and attach the lists in PDF file type and email them to me for review as soon as possible.”

• “Kindly send me the individual 2017 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”

• “Can you send me the updated list of employees with full details (name, Social Security number, date of birth, home address, salary).”

If any district staff receive an email from the superintendent requesting a list of employees and other personal information, they should check it out before responding. If someone responds and it is determined the request was not legitimate, the district needs to notify anyone who is at harm from the data release, not more than 45 days after the error was discovered. If the data breach affects more than 500 Washington residents, the state Attorney General’s Office must be notified.

Recommended for you

(0) comments

Welcome to the discussion.

Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
PLEASE TURN OFF YOUR CAPS LOCK.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.