In a previous post, we discussed common types of payroll fraud occurring from inside a company. Today, we examine a new type of fraudulent activity that actually targets payroll employees. This scam has been making the rounds in recent months, and it’s important for potential victims to be on high alert.

The scam goes like this: A member of payroll or human resources receives an email from a manager or executive within the company. The email address of the sender appears to be normal—no cause for concern. The email requests that the employee send the W-2 documentation of certain employees to the sender. The unsuspecting employee complies with the request.

The problem is, the person sending the email is not a company employee at all, but rather a hacker attempting to infiltrate private data. The payroll employee has just inadvertently released the social security numbers of myriad co-workers to a malicious stranger. The hacker can now steal the identities of all of these people.

In this era of increased security breaches, it is more important than ever to take proactive steps to prevent identity theft. If you receive an email requesting private information, reach out to the apparent sender in person to ensure that the request is legitimate before sending anything through the ether.

Of course, we are all susceptible to human error and poor judgment. If you realize too late that you may have compromised private company information, it is important to take action as soon as possible. Notify impacted parties right away, and report the incident to law enforcement.