The IRS has alerted offices across the U.S. about an emerging phishing email scheme targeting payroll and human resources offices in an effort to urge companies to protect their employees’ personal, financial, and tax data.
Payroll personnel has been warned against sharing sensitive information to any individual claiming to be a CEO or executive, before confirming the sender’s identity.
According to the IRS, cybercriminals have been impersonating company executives and successfully requesting personal information on employees, including payroll data like W-2 forms that contain Social Security numbers and other personally identifiable information.
The criminals have reportedly been using the stolen personal data stolen to claim monetary funds, such as by filing fraudulent tax returns for refunds.
So far, the scheme has already claimed several victims due to payroll personnel mistakenly sending their company’s payroll data over to unsafe hands.
“This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data. Now the criminals are focusing their schemes on company payroll departments,” said IRS Commissioner John Koskinen. “If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”
Often, the emails contain the actual name of the company chief executive officer and are sent to an employee within the company payroll office, requesting a list of employees’ personal information including their SSNs. The following are some of the details contained in these emails known as “spoofing” emails:
- Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
- Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary)?
- I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.
The IRS is warning all payroll personnel to confirm all emails containing sensitive payroll data in an effort to protect personal, financial, and tax data. We hope this notice has been helpful in preparing you and your staff to respond appropriately when requested to divulge personal employee information.
FingerCheck is constantly on the beat of new payroll and compliance news in order to inform you of need-to-know information.