Plan advisors should be aware that the IRS has alerted human resources professionals to a new hacker scheme.
The alert warns payroll and HR professionals to beware of an emerging phishing e-mail scheme that purports to be from company executives and requests personal information on employees.
With hackers increasingly turning their attention to the reams of personal data, not to mention the cash, in the $5 trillion 401(k) market, it's a scheme plan sponsors and administrators should also be on the watch for.
The scheme, unfortunately, has already seen some success, amid the surge in phishing e-mails so far this year.
Several have already fallen victim to e-mails that get payroll and human resources offices to mistakenly e-mail payroll data, including Forms W-2 that contain Social Security numbers and other personally identifiable information, to cybercriminals posing as company executives.
This particular phishing scheme is characterized as “spoofing.”
The e-mail will typically contain the actual name of the company's chief executive officer, and will on the surface come from the “CEO” to a company payroll office employee requesting a list of employees and information including SSNs.
According to the IRS, these e-mails will also contain some of the following statements, or variations on them:
“Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”
“Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).”
“I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.”
“This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data,” John Koskinen, IRS commissioner, said in a statement.
Koskinen added, “Now the criminals are focusing their schemes on company payroll departments. If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”
That goes for retirement plans, too.
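
A payroll or plan-administration mailbox can screen for the pattern the IRS describes before anyone replies. The sketch below is an added example, not code from the IRS or the article: it flags a message whose sender display name is an executive's but whose address or Reply-To sits outside the company domain, and whose text asks for W-2 or SSN data in bulk. The domain, executive name, sample message headers and the assumption that the spoof shows up as a display-name/address mismatch are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example; set them to your organisation's own.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
# Request wording modelled on the statements the IRS quoted.
DATA_TERMS = re.compile(r"\bW-?2\b|social security|\bSSN\b|date of birth", re.I)
BULK_TERMS = re.compile(r"\ball\b|list of|employees|staff", re.I)

# Constructed sample: executive display name on an outside address.
SPOOFED = """\
From: Jane Doe <jane.doe@examp1e-mail.test>
Reply-To: jd.office@mailbox.test
To: payroll@example.com
Subject: W-2 review

Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
"""

def domain(addr):
    return addr.rpartition("@")[2].lower()

def body_text(msg):
    # First text/plain part; the constructed samples carry no transfer encoding.
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            return part.get_payload()
    return ""

def assess(raw):
    """Return the reasons a message should be verified out of band."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    reasons = []
    if name.strip().lower() in EXECUTIVES:
        if domain(addr) != COMPANY_DOMAIN:
            reasons.append("executive display name on outside address")
        if reply and domain(reply) != COMPANY_DOMAIN:
            reasons.append("Reply-To leaves company domain")
    # A bulk request is flagged even from an internal address, since the
    # visible sender can be forged: confirm by phone or in person.
    if DATA_TERMS.search(text) and BULK_TERMS.search(text):
        reasons.append("bulk request for W-2/SSN data")
    return reasons
```

Any non-empty result from `assess` means the request should be confirmed with the named executive through a separate channel before data is sent.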