W-2s phishing scheme targets HR & payroll staff

This information was sent to U-M Human Resources and Financials Unit Liaisons via email on March 9, 2016. It was also sent to the IT Security Community and Frontline Notify groups.


The Internal Revenue Service has issued an alert to payroll and human resources professionals about a phishing email scheme that purports to be from executives in their organization and requests personal information of employees.

According to the IRS Alert, the scheme has "claimed several victims as payroll and human resources offices mistakenly email payroll data including Forms W-2 that contain Social Security numbers and other personally identifiable information to cybercriminals posing as company executives."

In most cases, these requests ask people to provide data outside of normal practices or procedures. According to the IRS, the emails may "seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information."

If you receive a request for data that seems unusual or out of the ordinary, check carefully before providing any information. Consider directly contacting the person the email seems to come from to verify that the request is legitimate.

Be suspicious of any email asking you for sensitive university information, and only provide information according to university procedures after you have verified that the request is legitimate.