North Carolina Attorney General Warns of Increase in Phishing Scams

North Carolina Attorney General Warns of Increase in Phishing Scams
Image: NCCC
March 8, 2016

Apparently it's phishing season in North Carolina. Unfortunately, we don't mean the type with a boat, a hook and a line.

The North Carolina Attorney General's Office is reporting an increase in reports of data breaches involving fraudulent emails, commonly called phishing.

In just the first few months of 2016, 26 phishing breaches have been reported by businesses and other organizations with 16 of those reports coming within the past two weeks. In 2015, there were only eight phishing breaches reported.

According to reports, emails used to steal company data often look like legitimate messages from someone within the business or organization, but are really sent by criminals and scammers. Some of the fraudulent emails reported in recent days appeared to come from the company's president or CEO.

Scammers can use technology to spoof an email address, making it appear that the message came from an email within the company when it did not. Criminals can also hack into the real email account of someone within the business and use it to send fraudulent messages.

The 2016 phishing breaches resulted in the release of personal information about more than 53,000 people nationwide, including about 480 North Carolinians. Several of the breaches released employees' payroll information or W-2s and could result in tax identity theft for people whose information was compromised.

In 2015, businesses and government agencies reported 557 breaches of all kinds involving personal information for about 2 million North Carolinians, with less than 1.5 percent of them involving phishing. So far in 2016, more than 80 breaches involving about 4,200 North Carolinians' information have been reported, with nearly 30 percent of them involving phishing.

A data or security breach happens when records containing personal information, such as Social Security numbers or credit card or bank account numbers, are lost, stolen or accessed improperly. State law requires businesses, as well as state and local government agencies, to notify consumers if their personal information has been compromised. They are also required to report security breaches to the North Carolina Attorney General's Office.

"Scammers can use technology to pretend to be anyone they want to in an email," North Carolina Attorney General Roy Cooper warned. "No matter how real the email looks or how legitimate the request sounds, don't send personal information or money without verifying the message first."

Businesses should also set a strict policy for wire transfers and disclosure of employee information. When managers hear about email scams they should warn all company employees immediately.

Businesses and other organizations, as well as consumers, can report email scams to the North Carolina Attorney General's Office by filing a consumer complaint online.