A new strain of payroll phishes that has surfaced over the past few months involves phishing emails requesting copies of pay stubs and wage statements. Both are year-round social engineering attacks that expand on the W-2 phishing campaigns which erupt at tax season. Pay stubs typically contain much the same kinds of data that can also be found on W-2 statements, which means that they can be exploited for identity theft and other forms of financial fraud. These emails typically request a single, specific pay stub for one employee, designed to “fly under the radar” and not attract undue attention. They’re simple, direct, and dispense with any attempt to construct believable backstories or pretexts for the request. In short, they invite an unthinking, reflexive response from targeted users. These phishing emails spoof presidents, CEOs, and other C-level executives within targeted organizations. Moreover, these phishes almost unfailingly seem to land in the inboxes of employees whose work involves payroll processing.