Gone Phishing: How HR & Payroll Pros Can Be Proactive Against Scams
In the wake of the recent W-2 phishing scams, you may be wondering how you can protect your business from phishing attacks. In short: you can’t. You can, however, educate your employees to ensure that phishing emails and other forms of communication go unanswered. Here are a few things to look for when trying to spot a phishing scam.
The IRS Never Emails
First and foremost, your employees must be aware that any email wherein the sender claims to be from the IRS is not legitimate and they should not open the email to begin with, let alone respond with personal information. The same goes for text messages and all forms of social media; representatives from the IRS are more likely to literally kick down your door while wearing clown suits than they are to send you a message on Facebook or hit you up on WhatsApp.
The main issue with the W-2 scam was that employees were receiving emails from senders claiming to be officials at their own company (e.g., the CEO). These “higher-ups” would ask for the W-2 records of everybody on staff; once the confused employees passed along the records in question, the phishing scam was complete.
To prevent employees from falling victim to such a scam, have them confirm the request with the supposed sender in a medium outside of email. This can be a phone call, a video conference, or (preferably) a face-to-face meeting. If the CEO did send the request, they will most likely appreciate you confirming the validity of the request before potentially compromising every employee at the firm.
Use Dedicated Hardware and Accounts
Protecting your servers against remote intruders is a far trickier game, but you can stop it before it even begins. Using dedicated computers or kiosks to process employees’ payroll forms and files will prevent a wayward link on Twitter from activating a phishing scam or installing malware on a platform which houses all your employees’ information.
You’ll need to set strict website usage rules for your employees if you’re going to use a regular server, however. While this isn’t anybody’s favorite thing to do, making sure that no one is using social media, personal email accounts, or unapproved external devices on computers used to process payroll will immensely lower the chances of those computers getting infected with spyware or a malicious program.
More important than moderating personal use, though, is emphasizing to your employees that external links, forms, and other input-contingent media are not acceptable to access on work computers. Even browsing articles on the IRS’ official website by clicking through provided links can result in your email address ending up in a malware database.
Protecting Yourself from Unwanted Criticism
Practicing basic internet safety won’t necessarily spare your company from people who target it directly, but it will ensure that you and your employees are safe from criticism if something does get through.
At Abacus Payroll, we’re invested in making sure your employees are up-to-date on the latest payroll news. For more information on how to handle phishing scams and their aftermath, call us at (856) 667-6225 today!