A number of companies have fallen for this phishing scam already over 40 of which are named by CSO. A phishing attempt would easily be prevented if the recipient of the request contacted the CEO (or an assistant) to verify the request. Using LinkedIn, for example, a list of a companys employees and their positions can be quickly retrieved for any company. A simple, common sense process to verify non-routine requests can prevent some of the recent data breaches we all have been experiencing.”]
Source: https://www.csoonline.com/article/3048441/phishing-for-w-2s.html