“This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data. Now the criminals are focusing their schemes on company payroll departments,” said IRS Commissioner John Koskinen. “If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”This follows the trend of more closely targeted phishing attempts, where a few minutes of Googling can produce an "in" that is much less risky than traditional social engineering ploys.
Remind your C level people that they are targets too. They need the training you are no doubt providing to the rest of the company just as much or more than the intern who is right now propping up the water cooler.