Human Resources and payroll professionals are being targeted by sophisticated cyber criminals to steal employee data.  The email phishing scam works like this:  the bad guy sends an email to employees in the human resources or payroll department spoofing an email from a company executive, usually the CEO or CFO.  Email spoofing is the forgery of an email header so the message appears to have originated from the c-suite but actually belongs to a cybercriminal. The email may seek confidential information about the company’s employees, such as their Social Security Numbers and W-2 forms, or may ask that funds be immediately sent, via wire transfer, to a bank account number (commonly associated with a bank overseas).  Recipients of spoofed emails are deceived into disclosing the protected data that is then used to submit employees’ tax returns to the Internal Revenue Service or for other illegal activity such as transferring company funds to accounts from which they cannot be retrieved.
Continue Reading Beware of Email Requests from the C-Suite to Transfer Employee Data