The NASPP Blog


March 22, 2016

Tax Phishing Scheme Targets Payroll, HR

What would you do if you got an email from your CEO, asking you to provide a report of taxable stock plan transactions, including employee IDs—stat? A) Respond with the requested information as quickly as possible or B) forward the email to your IT department for investigation?

As it turns out, B might be the correct answer.

Phishing Scheme Targets Payroll and HR

If you are on the IRS’s mailing list, you know that it’s once again that time of year when the IRS sends out alert after alert about tax phishing schemes. Most have nothing to do with stock compensation, but a recent alert hits a little close to home. A new tax phishing scheme targets payroll and HR personnel. In a phishing scheme, a scammer masquerades as a representative of a legitimate business to trick people into giving out personal information that the scammer can use for illicit purposes.

This phishing scheme involves an email that purports to be from the company’s CEO or other executives and requests that the recipient provide employee data, including personal and W-2 information.

According to the IRS, the email may include the following (or similar) requests:

  • Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review
  • Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary) as at 2/2/2016.
  • I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.

Kindly?

It seems to me that the big giveaway here is the use of the word “kindly” in the above requests. What executive ever used that word when asking for a report ASAP?

Let’s Be Careful Out There

While the schemes don’t yet seem to involve stock compensation, payroll and HR aren’t that far removed from stock plan administration. Some of my readers probably wear both hats. It’s always a good idea to verify any unusual requests from executives and to make sure that any personal data for employees, including compensation data, is transmitted in a secure manner, especially if that data includes employee identifiers, such as names and ID numbers.

– Barbara
