Who does this scam target?
Who are the targets within these organizations?
How does the scam work?
These scammers email payroll or human resource professionals purporting to be an organization executive (CEO, CFO, Director, etc.) and requesting employee W-2 information. The email often looks legitimate to unsuspecting employees who then send the requested information, disclosing private employee information to an unauthorized party.
Why is this dangerous?
This scam puts employees’ personal information at risk. Disclosing the information to unauthorized parties can lead to an increase in tax refund fraud as criminals use that information to file fraudulent returns in Minnesota and elsewhere. Stolen identities can lead to longer waits for refunds for employees who have filed their returns as we work to verify the return and refund are legitimate.
What can my business do to keep from falling for this scam?
Notify employees of the scam and have procedures in place to ensure that W-2 and other personal information is not disclosed to unauthorized parties. Any employee who gets an email asking for W-2 or employee information should Stop. Connect. Confirm.
Stop – Stop for a moment before complying with the request and sending that information.
Connect – Connect with the person who sent you the request by phone or by walking over to see them. Do not respond to the email to get confirmation of the sender’s identity. The sender may be a criminal who has disguised their identity by spoofing your colleague’s email address.
Confirm – Confirm with the executive requesting the information that their request is legitimate.
Businesses can download and print this poster and display it in your human resources and payroll departments to remind employees to Stop. Connect. Confirm. if a request for employee personal information is made.