The IRS has alerted companies and human resources professionals to a new hacker scheme, in which an email that purports to be from company executives requests personal information on employees.

With hackers increasingly turning their attention to the reams of personal data, not to mention the cash, in the $5 trillion 401(k) market, it's a scheme retirement plan sponsors and administrators should also be on the watch for.

The scheme, unfortunately, has already seen some success, amid the surge in phishing e-mails so far this year.

Several companies have already fallen victim to emails that get payroll and human resources offices to mistakenly email payroll data, including Forms W-2 that contain Social Security numbers and other personally identifiable information, to cybercriminals posing as company executives.

This particular phishing scheme is characterized as “spoofing.”

The e-mail will typically contain the actual name of the company's chief executive officer and on the surface seems to come from the “CEO” to a company payroll office employee requesting a list of employees and information including SSNs.

According to the IRS, these e-mails will also contain some of the following statements, or variations on them:

“Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.”

“Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).”

“I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.”

“This is a new twist on an old scheme using the cover of the tax season and W-2 filings to try tricking people into sharing personal data,” John Koskinen, the IRS commissioner, said in a statement.

Koskinen added, “Now the criminals are focusing their schemes on company payroll departments. If your CEO appears to be emailing you for a list of company employees, check it out before you respond. Everyone has a responsibility to remain diligent about confirming the identity of people requesting personal information about employees.”
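As an added illustration (not part of the IRS alert or the original article), the traits described above can be turned into a simple inbound-mail check: a message that carries an executive's name and asks for W-2 or employee data is held, and blocked outright when the sender or reply address sits outside the company. The executive name, company domain and sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: hypothetical executive name and company domain.
EXECUTIVES = {"jane doe"}
COMPANY_DOMAIN = "example.com"

# Request terms taken from the sample statements the IRS quoted.
PII_RE = re.compile(
    r"\bW-?2\b|social security number|\bSSNs?\b|date of birth"
    r"|wage and tax statement|list of employees",
    re.IGNORECASE,
)

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' when the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def assess(raw_message):
    """Return 'ok', 'verify' (confirm out of band) or 'block' for one message."""
    msg = message_from_string(raw_message)
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"]
    body = " ".join(p.get_payload(decode=True).decode(errors="replace") for p in parts)
    body = re.sub(r"\s+", " ", body)  # undo hard line wraps before matching
    if not PII_RE.search(body):
        return "ok"
    display_name = parseaddr(msg.get("From", ""))[0].strip().lower()
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To")) or from_dom
    outside = from_dom != COMPANY_DOMAIN or reply_dom != COMPANY_DOMAIN
    # Executive name on a message whose sender or replies are off-domain.
    if display_name in EXECUTIVES and outside:
        return "block"
    # The From header can be forged, so an in-domain request for employee
    # data is still confirmed with the requester before anyone responds.
    return "verify"

# Constructed sample message (not real mail); the body reuses an IRS-quoted line.
SPOOFED = (
    'From: "Jane Doe" <jane.doe@example-payroll.test>\n'
    "To: payroll@example.com\nSubject: Quick review\n\n"
    "Can you send me the updated list of employees with full details\n"
    "(Name, Social Security Number, Date of Birth, Home Address, Salary).\n"
)

if __name__ == "__main__":
    print(assess(SPOOFED))
```

A "verify" result corresponds to Koskinen's advice: confirm the request with the executive through a separate channel before sending anything.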

BenefitsPro
