Close X
Attorney Spotlight

How does Jordana Nelson's prior experience as a general counsel inform her work with firm clients? Read more>


Close X


Search our Experience

Experience Spotlight

The M&A Advisor Winner 2017The M&A Advisor announced the winners of the 16th Annual M&A Advisor Awards on Monday, November 13 at the 2017 M&A Advisor Awards. Bass, Berry & Sims was named a winner in the two categories related to the following deals:

M&A Deal of the Year (from $1B-$5B) – Acquisition of CLARCOR Inc. by Parker Hannifin Corporation

Corporate/Strategic Deal of the Year (over $1B) – Acquisition of BNC Bancorp by Pinnacle Financial Partners

Close X

Thought Leadership

Enter your search terms in the relevant box(es) below to search for specific Thought Leadership.
To see a recent listing of Thought Leadership, click the blue Search button below.

Thought Leadership Spotlight

Regulation A+

It seems that lately there has been a noticeable uptick in Regulation A+ activity, including several recent Reg A+ securities offerings where the stock now successfully trades on national exchanges. In light of this activity, we have published a set of FAQs about Regulation A+ securities offerings to help companies better understand this "mini-IPO" offering process, as well as pros and cons compared to a traditional underwritten IPO.

Read now

Active Hacker Scheme Tricks Companies to Release Employees' W-2 Information: What You Should Be Doing

Firm Publication


March 24, 2016

During the past few weeks, many companies have been targeted by an email phishing scheme that has resulted in the disclosure of confidential personal information of numerous employees and other persons. The email is usually the same: a spoofing email from the CEO (or some other high-level executive) asking human resources, accounting or payroll departments for W-2 information. A cybercriminal armed with this information can then file fraudulent tax returns and receive an individual's tax refund. In many cases, fraudulent returns are filed within days of the theft of the information.

While the IRS has circulated an alert highlighting this scam, we continue to see companies fall victim to this scheme, including recent news reports that Snapchat and Seagate Technology have released sensitive payroll data to cybercriminals posing as company executives.

To prevent falling victim to this scheme, we urge you to quickly alert your employees and staff members, especially your human resources, accounting and payroll departments, to closely scrutinize any request for personal information, particularly W-2 or payroll information. At a minimum, inform your employees and staff members to do the following:

  1. call the sender of the email requesting the information and verify that he or she indeed made the request (e.g., if the email appears to come from "Jane Doe, CEO," call Jane Doe to verify before sending any requested information); and
  2. rather than replying to the original email, only send the requested information by composing a new email message to a known email address for the sender (e.g., compose an email to Jane Doe, using her known email address from the company directory).

In addition, you should inform employees that the phishing email is often similar to the format below:



Kindly send me the 2015 W-2 (PDF) of our company staff for a quick review.


CEO Name

Many hackers can obtain the necessary information to perpetrate this scam from a corporate website or individual's LinkedIn profiles. As discussed in a previous update, hackers use spear phishing scams to target individuals or businesses by posing as a friend, colleague or other business that routinely interacts with the individual or business and then requests certain personal or proprietary information. For many businesses, disclosing sensitive and valuable information can cause significant costs and expenses triggered by federal and state data privacy and security laws, including costs associated with complying with data breach notification requirements.

We will continue to monitor and provide updates regarding this latest scheme. If you have questions or any other cybersecurity concerns related to your organization, please contact an attorney on our Data Security & Privacy Team.

Related Professionals

Related Services


Visiting, or interacting with, this website does not constitute an attorney-client relationship. Although we are always interested in hearing from visitors to our website, we cannot accept representation on a new matter from either existing clients or new clients until we know that we do not have a conflict of interest that would prevent us from doing so. Therefore, please do not send us any information about any new matter that may involve a potential legal representation until we have confirmed that a conflict of interest does not exist and we have expressly agreed in writing to the representation. Until there is such an agreement, we will not be deemed to have given you any advice, any information you send may not be deemed privileged and confidential, and we may be able to represent adverse parties.