On January 20 , an email from Lynn Jurich , CEO of San Francisco-based solar firm Sunrun , popped up in a payroll department employee 's inbox . The CEO was requesting copies of all employee W-2 forms , which were about to be sent out in preparation for tax season . The employee responded quickly as requested , not realizing the W-2 forms — containing the addresses , social security numbers , and salary information for Sunrun 's nearly 4,000 employees — were actually being delivered Attack.Databreach to a scam artist . Tax season is always a busy time for scammers seeking to gain access Attack.Databreach to sensitive information , but this year attacks are coming earlier and in greater numbers than usual . The uptick has caused the IRS to release an urgent alert warning employers to be on the lookout for what they 're refering to as `` one of the most dangerous email phishing scams Attack.Phishing we ’ ve seen in a long time . '' By using email spoofing techniques , criminals are able to draft Attack.Phishing emails that look as though they are coming directly from Attack.Phishing a high-level executive at your organization . They send Attack.Phishing the message to an employee in the payroll department or HR and include a request for a list of the organization 's employees along with their W-2 forms . Their initial goal is to use the W-2 information to file fraudulent tax returns and claim refunds . But not all criminals are stopping there . Once they 've found a responsive victim , a portion are also following up with additional email requesting a wire transfer be made to an account they provide . Also referred to as business email compromise (BEC) Attack.Phishing , these attacks Attack.Phishing have claimed more than 15,000 victims and cost organizations more than $ 1 billion over the past three years . More than 100 organizations have already fallen victim to W-2 phishing scams Attack.Phishing in 2017

You may have heard of the CEO scam : that ’ s where spear-phishers impersonate Attack.Phishing a CEO to hit up a company for sensitive information . That ’ s what happened to Snapchat , when an email came in Attack.Phishing to its payroll department , masked as Attack.Phishing an email from CEO Evan Spiegel and asking for employee payroll information . Here ’ s a turn of that same type of screw : the Internal Revenue Service ( IRS ) last week sent out an urgent warning about a new tax season scam that wraps the CEO fraud in with a W-2 scam , then adds a dollop of wire fraud on top . A W-2 is a US federal tax form , issued by employers , that has a wealth of personal financial information , including taxpayer ID and how much an employee was paid in a year . This new and nasty dual-phishing scam Attack.Phishing has moved beyond the corporate world to target nonprofits such as school districts , healthcare organizations , chain restaurants , temporary staffing agencies and tribal organizations . As with earlier CEO spoofing scams Attack.Phishing , the crooks are doctoring emails to make the messages look like Attack.Phishing they ’ re coming from Attack.Phishing an organization ’ s executive . Sending Attack.Phishing the phishing messages to employees in payroll or human resources departments , the criminals request a list of all employees and their W-2 forms . The scam , sometimes referred to as business email compromise (BEC) Attack.Phishing or business email spoofing (BES) Attack.Phishing , first appeared last year . This year , it ’ s not only being sent to a broader set of intended victims ; it ’ s also being sent out earlier in the tax season than last year . In a new twist , this year ’ s spam scamwich also features a followup email from that “ executive ” , sent to Attack.Phishing payroll or the comptroller , asking for a wire transfer to a certain account . Some companies have been swindled twice : they ’ ve lost both employees ’ W-2s and thousands of dollars sent out via the wire transfers .