New CEO phishing scam: Urgent request for W-2’s

This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

Tax forms (MIGUEL MEDINA/AFP/Getty Images)

Watch out for the newest version of CEO fraud. In this con, scammers send employees an email that appears to be from the CEO asking them to send copies of employee W-2’s that contain a wealth of wage and personal identifying information – including their full name, address, wages and Social Security number, all of which can be used for identity theft.

Here is the text of the email:

“I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.”

Who would question the requests of the CEO, right? Most employees will typically act quickly on such a request and not question its validity. In this case, it is in everyone’s best interest to question any request that 1.) seems unusual coming from the CEO or another executive, and 2.) if the style or form of communication is out of the ordinary. Think of the consequences of falling for this scam.

One company that almost fell for the scam did an analysis of the headers that showed the hackers used someone’s GoDaddy email server and the return address was definitely not from the CEO! However, it was a valid email address that the hackers were monitoring.

The bottom line: Warn your accounting and HR teams that there is a new strain of CEO fraud asking for W-2s.

To find out more about other scams, check out BBB Scam Stopper. To report a scam, go to BBB Scam Tracker.

Notice: you are using an outdated browser. Microsoft does not recommend using IE as your default browser. Some features on this website, like video and images, might not work properly. For the best experience, please upgrade your browser.