Its baaaaaack…this is the time of year when W2 forms get sent out, so scammers posing as company execs request them from someone in the company.

Who Is It Targeting: Employees in virtually any industry or field

What Is It: A boss phishing scam that requests the payroll records and W2 forms for all of the company’s employees

What Are They After: In this increasingly common scam, someone gains access to an existing email account or creates a “spoofed” email account for someone higher up in the company. He uses this email account to contact someone lower in the supply chain and request copies of all the employees’ W2 forms. Since it’s tax time, after all, the recipient follows the instructions, sending all of the employees’ sensitive personal identifiable information to the scammer.

The IRS has already issued a warning about this scam this year and states that as many as 29,000 people in different businesses, schools, non-profits, and even tribal organizations have already been victims.

How Can You Avoid It:

  • If you receive an email asking for ANY type of sensitive information—payroll records, account numbers, passwords, etc.—do not comply!
  • Verify that the request is genuine by picking up the phone and confirming it.
  • Even if it’s legitimate, be careful about sending personal identifiable information in an email, and follow your company’s policy on such a thing.

If you think you may be a victim of identity theft, contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. Find more information about current scams and alerts here. For full details of this scam check out this article from CSO Online.

How much information are you putting out there? It’s probably too much. We are here to help you stop sharing Too Much Information. Sign up for the TMI Weekly.