Groton police investigate phishing scam targeting town employees

(Image: Groton Police Department)

GROTON, Conn. (WTNH) — Groton police are investigating after they say a phishing scam compromised sensitive information belonging to some town employees.

On Thursday night, Chief Louis Fusaro with the Groton Police Department announced a data breach affecting Groton Public Schools.

“We are of course heartbroken and I just can’t tell you how disappointed I am that this occurred,” said Superintendent Dr. Michael Graner. He tells News8 the business manager for the school department has been placed on paid leave while this breach is investigated.

Police say someone pretending to be the superintendent sent an email requesting W-2s for school department staff. All 1,363 employees could be affected including Dr. Graner.

“When I say we are greatly disturbed by this I’m including myself,” Dr. Graner told reporters.

The IRS has warned about scams like this especially during tax time.

“I would caution that sometimes they can mask emails they can make it look like the email,” warned Deputy Chief Paul Gately of the Groton Police Department.

That’s why police say education is key. They say you should always click on and double check the email address and make a call to confirm a request like this before giving out personal information.

“They may try to set up accounts in your name,” said Deputy Chief Gately. “They may try to file a fictitious tax return in your name
so certainly you want to try to take steps to mitigate that issue.”

A very serious lesson learned.  The school department is offering employees credit monitoring services at no cost to them.

“When we finish the investigation I will certainly take appropriate action,” said Dr. Graner.

Members of the IRS were in town Friday afternoon to meet with school staff to let them know what they can do now to protect themselves.

The sensitive employee information had been “phished” in a scheme that Chief Fusaro compared to a national trend. The investigation is in “the preliminary stages,” Fusaro says, but he points to a release issued by the Internal Revenue Service in February, warning about a “Dangerous W-2 Phishing Scam Evolving; Targeting Schools, Restaurants, Hospitals, Tribal Groups, and Others.”

According to the IRS, cybercriminals disguise e-mails to look like they’re coming from in-house “using various spoofing techniques.” Payroll or human resources departments are targeted, and asked to provide a list of employees and their personal information, including their Forms W-2.

Chief Fusaro says police are working with the Board of Education and other agencies to “help mitigate any potential information breach and identify criminal actors who may have initiated this action.”

He also issued some of the following tips:

  • Be suspicious of unsolicited phone calls, visits, or email messages from individuals asking about PII, employees or other internal information.
  • If an unknown individual claims to be from a legitimate organization, try to verify his or her identity directly with the company.
  • Do not provide personal information unless you are certain of a person’s authority to have the information.
  • Do not reveal personal or financial information in email, and do not respond to email solicitations for this information. This includes following links sent in email.
  • Don’t send sensitive information over the Internet before checking a website’s security.
  • Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com vs. .net).
  • If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information. .
  • Install and maintain anti-virus software, firewalls, and email filters to reduce some of this traffic.
  • Take advantage of any anti-phishing features offered by your email client and web browser.

groton public schools Groton police investigate phishing scam targeting town employees w 2 form Groton police investigate phishing scam targeting town employees

WTNH NEWS8 provides commenting to allow for constructive discussion on the stories we cover. In order to comment here, you acknowledge you have read and agreed to our Terms of Service. Commenters who violate these terms, including use of vulgar language or racial slurs, will be banned. Please be respectful of the opinions of others. If you see an inappropriate comment, please flag it for our moderators to review. Also, you can now block any inappropriate user by simple selecting the drop down menu on the right of any comment and selection "Block User" from there.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s