The IRS has issued a bulletin to alert payroll and HR departments that they may be targeted in an email phishing scheme that requests employees’ personal information.
This tax season, cyber criminals have been sending phishing emails to payroll and HR professionals claiming to be the CEOs of the companies. The emails contain the actual names of the companies’ CEOs and request a list of employees and their personal information, including Social Security numbers and dates of birth.
Several payroll and HR departments have mistakenly sent payroll data, including employees’ Forms W-2, to cyber criminals after receiving one of these phony emails.
According to the IRS bulletin, some of the details contained in the emails include a request for an updated list of employees and their personal information, or a request for individual 2015 Forms W-2 and an earnings summary of all staff for a review.
Don’t become a victim of this scam: Before responding to a request for personal employee information from a company executive, double check who the sender is. If the request truly is from a member of the executive team, he or she shouldn’t have an issue with your diligence in protecting employees’ information.
AUI provides information to its clients about various HR and compliance topics. If you would like more information about how we can help you, please contact us.