Courtesy of the Ahola Corporation
Unfortunately, phishing scams have been on the rise for several years and don’t seem to be going away. The best way to address the issue is to make sure it’s top of mind for employees. Send a monthly or quarterly reminder that they should be skeptical about responding to emails that seem even slightly off and report them to the IT department immediately.
Explain to employees that usually the scammer purports to be a company executive and requests personal information about employees — sometimes just their phone number to start. Other times they’ll go directly to asking for financial or personal information such as payroll records or passwords. Here are a few examples of what the suspicious emails might say:
- I need you to complete an urgent and essential task for me, send me your cell number ASAP for details.
- Hello, I need you to get a purchase done, as I am planning to surprise some of the staff with gifts. Your confidentiality would be appreciated not to ruin the surprise. Acknowledge me once you get this, thanks.
- Kindly send me the individual W-2 (PDF) and earnings summary of all our company staff for a quick review.
- I want you to send me copies of employees’ W-2 wage and tax statements for 2019. I need them in PDF file type; you can send it as an attachment. Kindly prepare the lists and email them to me asap.
Show your employees these examples, or others likes them, and make it clear that they should not, under any circumstances, email sensitive employee information such as W-2s, benefit enrollment forms, completed census forms, or anything with social security or credit card numbers. They should also not follow links in emails or prompts to login to systems (even those they are familiar with) unless they are certain the request is legitimate.