The Internal Revenue Service recently issued an alert to payroll and human resources professionals to be aware of an emerging phishing e-mail scheme that purports to be from company executives and requests personal information about employees1.
The phishing e-mails typically appear to be from the company CEO or other executive, and are generally directed to a company employee in the payroll, human resources or accounting departments. The “CEO” sends an e-mail to the company employee and requests certain tax documents or other personally identifiable information (“PII”) pertaining to the company employees, including W-2s, SSNs, dates of birth, addresses and salaries.
The following are examples of the requests contained in the phishing e-mails:
-
I need you to email me scanned copy of all our Employees W-2 wage and tax statement for 2015 for immediate reviewing. I will brief you more about this later. Keep in touch as soon as you can.
-
Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
-
Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
-
I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.
The scheme has already resulted in numerous instances of people being tricked into sharing the tax documents and PII of company employees with cybercriminals. The criminals perpetrating the scheme seek to monetize the data, including by filing fraudulent tax returns for refunds.
1 See IRS Alerts Payroll and HR Professionals to Phishing Scheme Involving W-2s, IR-2016-34, March 1, 2016, https://www.irs.gov/uac/Newsroom/IRS-Alerts-Payroll-and-HR-Professionals-to-Phishing-Scheme-Involving-W2s.