
Human resources and payroll departments should be aware of an IRS alert released on January 25, 2017 about an email phishing scam making its way across the country. The scam originated last year, and its goal is to gain access to the personal information contained on employee W-2 forms. Cybercriminals send an email to an HR or payroll department using a corporate officer's name (such as the company CEO) and request that a list of employees, their social security numbers, and W-2 information be sent to them.

Below is wording that may appear verbatim in the phishing emails:
  • Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
  • Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
  • I want you to send me the list of W-2 copy of employees wage and tax statement for 2016, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.

Once the personal information has been obtained, the data is used to file fraudulent tax returns in order to claim the tax refunds.  The IRS urges HR and payroll departments to double check any executive level or unusual requests for release of W-2 forms and social security numbers.
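A screening check for the request pattern described above, added here as an example and not taken from the IRS alert or the original post: it flags any message that asks for W-2 or identity data, and separately flags an executive's display name on an address outside the company domain. The domain, the executive names and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this sketch; none of them come from the article.
CORPORATE_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}

# Data named in the sample phishing sentences quoted in the article.
DATA_TERMS = re.compile(
    r"\bW-?2s?\b|social security number|wage and tax statement|date of birth", re.I)
REQUEST_TERMS = re.compile(r"\bsend\b|\bemail them\b|\battach", re.I)

def body_text(msg):
    """Return the decoded text/plain content of a single-part or multipart message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(
        p.get_payload(decode=True).decode("utf-8", "replace")
        for p in parts if p.get_content_type() == "text/plain")

def review_reasons(raw_message):
    """List the reasons a message should be held for second-person verification."""
    msg = message_from_string(raw_message)
    reasons = []
    text = (msg.get("Subject") or "") + "\n" + body_text(msg)
    # Flag the data request whoever the sender appears to be.
    if DATA_TERMS.search(text) and REQUEST_TERMS.search(text):
        reasons.append("requests employee W-2 or identity data")
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # An officer's name paired with a non-corporate address matches the scam.
    if name.strip().lower() in EXECUTIVES and domain != CORPORATE_DOMAIN:
        reasons.append("executive name on an outside address")
    return reasons

# Constructed sample messages (not real mail).
PHISH = ('From: "Jane Doe" <jane.doe@example-mail.test>\n'
         "To: payroll@example.com\n"
         "Subject: Quick review\n\n"
         "Kindly send me the individual 2016 W-2 (PDF) and earnings summary "
         "of all W-2 of our company staff for a quick review.\n")
BENIGN = ('From: "Jane Doe" <jane.doe@example.com>\n'
          "To: payroll@example.com\n"
          "Subject: Budget meeting\n\n"
          "Are we still on for the budget meeting at noon?\n")

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("benign", BENIGN)):
        print(label, review_reasons(raw))
```

A message that trips only the first check still warrants the second-person verification the article recommends, since a compromised internal mailbox would pass the address test.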

In April 2016, Kalamazoo College was targeted and the personal information of about 1,600 students, staff and faculty of the college was mistakenly released when their W-2 forms were sent to a phony entity. According to President Eileen Wilson-Oyelaran, a college employee received an email requesting employees' 2015 W-2 forms. "The email was designed to appear as though a Kalamazoo College administrator sent it." "Believing the email to be legitimate, the employee replied to the message and attached faculty, staff and student employees' 2015 W2s."

According to a Cloudmark Security blog post by Tom Landesman, the first step of the phishing scheme is a bit of research about a company. Scraping popular sources of public data, such as LinkedIn and Twitter, often yields the names and titles of many employees in a company. “Then, a quick search for the company’s website will often provide the name of the domain used in their email.” “With these items in hand, attackers now have their target’s email address as well as the email of a higher ranking member of the company — often a CEO or CFO.” In the first quarter of 2016, at least 55 companies had fallen victim to these phishing schemes.

Organizations should prepare for these cyber threats by developing awareness programs and instructing employees to question requests for sensitive data no matter the source.  Anti-virus or other technology will not be enough to prevent every type of phishing attack.  Key employees of the company should be immediately alerted if something seems suspicious.  Other techniques to safeguard information include developing policies that require verification from a second person when it comes to releasing personal information.  Michael Overly, partner at Foley & Lardner, has developed a checklist for employers to follow when considering cybersecurity policies. 

While HR has historically not been responsible for IT issues, when people become the problem with technology, HR needs to take a proactive approach to partner with their technology teams to help educate employees and develop policies and procedures in order to safeguard both company and employee personal information.
Posted 12:28 PM



Edelweiss HR & Payroll Services said...
A great piece of useful & informative content. Thanks for sharing with us.
WEDNESDAY, MAY 09 2018 3:45 AM
