The NASPP Blog

January 3, 2018

Be Suspicious

What would you do if you got an email from your CEO, asking you to provide a report of taxable income, including employee IDs—stat? A) Respond with the requested information as quickly as possible or B) be very suspicious?

As it turns out, you should be very suspicious.

Phishing Scheme Targets Payroll and HR

Most phishing schemes have little to do with stock compensation, but one that the IRS has previously issued an alert about hits a little close to home. This scheme targets payroll and HR personnel. The scammer sends an email that purports to be from the company’s CEO or other executives and requests that the recipient provide employee data, including personal and W-2 information.

If successful in acquiring this information, the scammer then submits false tax returns (possibly with both state and federal tax authorities) and collects on any refunds due to employees.

According to the IRS, the email may include the following (or similar) requests:

  • Kindly send me the individual 2017 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review
  • Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary) as at 2/2/2017.
  • I want you to send me the list of W-2 copy of employees wage and tax statement for 2017, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.

Kindly?

It seems to me that the big giveaway here is the use of the word “kindly” in the above requests. What executive ever used that word when asking for a report ASAP?

Let’s Be Careful Out There

Payroll and HR aren’t that far removed from stock plan administration. Some of you probably wear both hats. It’s always a good idea to verify any unusual requests from executives and to make sure that any personal data for employees, including compensation data, is transmitted in a secure manner, especially if that data includes employee identifiers, such as names and ID numbers.

You also might want to make sure your colleagues in payroll and HR are on alert for this scam. It’s more widespread than you think and it’s a mess to resolve; you don’t want it to happen to you or your fellow employees.

– Barbara

Update: Since I posted the blog, the IRS has announced that this phishing scheme has emerged as “one of the most dangerous phishing emails in the tax community.” Make sure your payroll team is aware of it. If your company has been victimized by this scheme, the IRS urges you to report it to them as soon as you become aware of it; see their press release for information on how to report it.