We have been repeatedly warning our clients and readers about the massive and successful W-2 phishing schemes where hackers impersonate the CEO or CFO and send emails to payroll and/or HR folks in companies requesting W-2 forms of employees [see related posts here and here].
It became such a problem that the IRS issued an alert to all payroll and HR departments on March 4, 2016, warning all industries about the pervasive problem.
The latest victim is my childhood hometown team The Milwaukee Bucks. The phishing scheme involved was exactly like all the others—it impersonated team President Peter Feigin requesting W-2 forms for employees. The W-2s were then sent to the hacker and those employees’ information, including their Social Security numbers were compromised.
The Bucks are providing the affected employees with 3 years of credit monitoring services and identity restoration services.
We continue to see these phishing schemes successfully implemented, which underscores the continuing need to train employees and provide them with education and tools to feel comfortable to pick up the phone to confirm an odd request, such as the CEO requesting W-2s forms of employees.