The Internal Revenue Service has identified a CEO Fraud Scam in which a criminal impersonates a company executive, such as the CEO, and subsequently requests that human resources or payroll send over sensitive employee information. The information requested is among the usual suspects: social security numbers, home addresses, and anything else they can get their grubby mitts on.
This scam has earned the name The CEO Fraud Scam.
First, cybercriminals draft a convincing forged email, which is sent to members of the payroll or human resources departments.
The email appears similar to a legitimate one thanks to various spoofing techniques, and it instructs employees to compile a list of all employees, including their:
Oftentimes, these cybercriminals will simply ask for a single PDF document containing the W-2s of all employees.
An example is pictured below.
In the above image, sensitive information was blurred out because this is an actual email that was received.
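The request pattern described above (a message in an executive's name, sent to payroll or HR, asking for the W-2s of all employees) can be screened for on inbound mail. The following is an added example, not code from the I.R.S. or from the original article; the company domain, executive name, mailbox addresses, the three checks and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed, constructed values; substitute your own organisation's data.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"pat morgan"}  # display names worth protecting
SENSITIVE_TEAMS = {"payroll@example.com", "hr@example.com"}
# Wording of the request as the article describes it.
ASK = re.compile(r"\bw-?2s?\b|social security number|all employees", re.I)

def domain(addr):
    return addr.rpartition("@")[2].lower()

def body_text(msg):
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    return " ".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                    for p in parts)

def ceo_fraud_flags(raw):
    """Return the reasons a raw message resembles the CEO-fraud request."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    _, to_addr = parseaddr(msg.get("To", ""))
    flags = []
    if name.strip().lower() in EXECUTIVES and domain(from_addr) != COMPANY_DOMAIN:
        flags.append("executive name on external address")
    if reply_addr and domain(reply_addr) != domain(from_addr):
        flags.append("reply-to domain differs from sender")
    if to_addr.lower() in SENSITIVE_TEAMS and ASK.search(body_text(msg)):
        flags.append("bulk employee data requested from payroll/HR")
    return flags

# Constructed sample messages, not real mail.
SUSPICIOUS = """\
From: "Pat Morgan" <pat.morgan@mail.invalid>
To: payroll@example.com

Please send me a single PDF with the W-2s of all employees.
"""
BENIGN = """\
From: "Pat Morgan" <pat.morgan@example.com>
To: payroll@example.com

Thanks for closing out the quarter on time.
"""

print(ceo_fraud_flags(SUSPICIOUS), ceo_fraud_flags(BENIGN))
```

A flagged message is a prompt to confirm the request with the executive through a separate channel before any employee data is sent; the third check fires on genuine internal requests too, which is intended.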
The I.R.S. has also found that there are several variations of this scam, which involve fraudulent wire transfers.
There are a few easy things you can do to avoid becoming a victim of such a phishing scam.