Today’s guest blogger is Brian Jackson, President & CEO of Abacus IT Solutions.

Cybercriminals often use social engineering to convince you to install malicious software or hand over your personal information under false pretenses. They might email you, call you on the phone, or convince you to download something off of a website.

Recently there has been a new twist given to an old scheme to trick people into sharing personal data. With tax season in full swing the IRS is reportedly seeing a 400 percent surge in phishing and malware incidents targeting accounting and payroll departments in attempt to obtain W-2 information that contains SSN and addresses of employees.

The scam starts with an employee receiving a spoofed email. In most variations, the CEO sends an email to a company payroll office employee and requests a list of employees and information including SSNs.

The body of the email may look like one of the examples below:

  • “Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”
  • “Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).”
  • “I want you to send me the list of W-2 copy of employees’ wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.”

Don’t fall victim to this scam, make sure you have implemented appropriate data controls to ensure sensitive information is protected and rules for transferring data are followed. If you have questions about your business and learning more about what you can do to protect your business, visit



Local Firm. National Knowledge. Global Reach.

Get In Touch