Professional athletes may be used to the public knowing the terms of their multi-million dollar contracts, but the Milwaukee Bucks organization received a surprise when the team announced last week that it had fallen victim to a phishing scam.
On April 26, a hacker posing as the NBA team’s owner Peter Feigin emailed team employees and requested 2015 IRS documents for all the organization’s employees, including players. An employee sent the requested documents, including W-2 forms containing names, addresses, Social Security numbers, compensation and dates of birth. The Bucks did not discover that the request came from an impersonator until May 16, when they notified the IRS and FBI.
After the incident, the Bucks announced that they will “provide additional privacy training to our staff and implementing additional preventative measures.” The team also will offer three years of credit monitoring and non-expiring identity restoration services.
One might expect a professional sports organization worth hundreds of millions or even billions of dollars to have better security measures in place. But this incident shows that many businesses, large and small, do not have internal security policies that might prevent these types of scams.
This incident is a good reminder that we all should pay attention to emails requesting personal, sensitive, or financial information:
- Be sure you recognize the email address, not just the sender’s name. Most phishing scam artists change the name shown as the sender but do not create a fake email address, so the address itself usually gives them away.
- Call the person who allegedly sent the email to verify the request.
- Use common sense – why would the person need the information requested?
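
The first tip can also be automated at the mail gateway. The following Python check is an added example, not part of the original article: it flags a message whose sender name matches a known staff member while the address comes from outside the organization. The names, domains and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the article): names likely to be impersonated and
# the domains the organization really sends mail from.
PROTECTED_NAMES = {"Alex Owner", "Jordan Payroll"}
TRUSTED_DOMAINS = {"team.example"}

# Constructed sample messages.
SAMPLES = [
    "From: Alex Owner <alex.owner@team.example>\nSubject: Schedule\n\nSee you Monday.",
    "From: Alex Owner <alexowner.office@freemail.example>\nSubject: 2015 W-2 forms\n\nSend them today.",
    'From: "Owner, Alex" <ceo@mail.example>\nSubject: Urgent request\n\nReply by email only.',
    "From: Ticket Vendor <sales@vendor.example>\nSubject: Invoice\n\nAttached.",
]


def _norm(name):
    """Lower-case, drop punctuation and sort words so 'Owner, Alex' still matches."""
    return " ".join(sorted(re.findall(r"[a-z0-9]+", name.casefold())))


def check_sender(raw_message):
    """Return 'ok', 'impersonation' or 'external' for one raw message."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return "ok"
    # Outside address: is the display name borrowing a protected identity?
    if _norm(display) in {_norm(n) for n in PROTECTED_NAMES}:
        return "impersonation"
    return "external"


def triage(messages):
    """Classify every message in order."""
    return [check_sender(m) for m in messages]


if __name__ == "__main__":
    for verdict, raw in zip(triage(SAMPLES), SAMPLES):
        print(verdict, "|", raw.splitlines()[0])
```

A trusted domain in the From line only means the header looks right; whether the header is authentic depends on SPF, DKIM and DMARC, which this check does not evaluate.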