IRS issues warning to HR professionals over phishing scam

Less than a month after it "renewed a consumer alert" for phishing scams, the Internal Revenue Service (IRS) in the US has delivered another warning aimed this time at payroll and human resources professionals.

It said that it has identified an “emerging phishing email scheme” that claims to be from business executives. The fraudsters behind the campaign ask for personal information belonging to workers, targeting those in payroll departments and HR.

Unfortunately, the scam has managed to dupe a number of professionals into emailing back the requested information. Included in the fake email are the following requests:

• Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
• Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
• I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.

“This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data."

“This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data,” said John Koskinen, commissioner of the IRS.

“If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”

News of this comes on the back of a similar scam at Snapchat. The company said that one of its employees had fallen victim to the hoax, resulting in cybercriminals obtaining payroll information belonging to some of its employees.

“Snapchat’s payroll department was targeted by an isolated email phishing scam in which a scammer impersonated our chief executive officer and asked for employee payroll information,” it explained on its blog.

“Payroll information about some current and former employees was disclosed externally. To be perfectly clear though: None of our internal systems were breached, and no user information was accessed.”