6 Tips To Steer Clear of Employee Phishing Scams
More than likely, your employees have been targeted by a phishing scam at some point. While some of these scams can be easy to spot, phishing criminals are increasingly more sophisticated and customized in their attacks, which makes them harder to recognize. In recent months, the FBI has warned of an increase in employee phishing scams where scammers are masquerading as employers’ HR departments, targeting employees directly.
The latest wave of attacks focuses on companies using self-service platforms, where employees can view their payroll details, W-2 forms and update direct deposit information. Phishers are sending fake emails with a link provided, asking employees to log in to view a private email from their HR department. By clicking on the link and entering their credentials, employees are giving their login information to scammers. This enables scammers to change any personal or payment information, along with the email address. Once the email address is changed, email notifications are redirected to the phisher, so the victim may not immediately notice changes to their account.
What can you do about it?
There’s no surefire way to avoid phishing attacks, but there are important precautionary steps you and your employees can take to protect yourselves.
1. Be on the lookout.
The faster employees can spot a suspicious email sender, the better. Train your employees to stay vigilant when it comes to their inbox. It’s critical that they’re looking at actual email addresses, not just display names. If it’s an email address they don’t recognize, this should raise a red flag immediately. Employees should report any suspicious emails directly to their IT department.
2. Think before you click.
If your employees overlook the actual email address (which is easy enough to do), the content of the email can be the next indicator that something’s amiss. They should never click on a link or attachment included in an email, especially if it’s requesting login information; sensitive personal information should never be sent over email. Instead, they should go directly to the source (e.g., email the company HR contact to confirm it’s a legitimate request). Better safe than sorry!
3. Stay informed.
Make sure you stay on top of new phishing scams and make your employees aware. If they know what to watch out for, they’re much less likely to fall prey to scams. In general, make sure security is paramount throughout your organization. If it’s regularly reinforced, there’s a better chance your employees will stay mindful.
4. Use multi-factor authentication.
Multi-factor authentication adds an extra layer of security by requiring an additional method of account verification. So for example, if employees are accessing their account from an unrecognized device, they’ll need to have a verification code provided via text, phone call, or email before they can log in to their account. This helps to prevent hackers from accessing accounts, as they’ll need to provide more than just login credentials. To enhance our clients’ account security, Payroll Data provides multi-factor authentication with our Orbit Solutions products.
5. Keep current on security updates.
Security patches are regularly released for all devices and popular web browsers. Emphasize how critical these are to your employees. It’s easy to ignore the frequent messages about security updates, but they’re important. They’re released to fix inevitable security loopholes that phishers can exploit, and should be downloaded and installed ASAP.
6. Install anti-phishing software.
Anti-phishing software can help to detect and block malicious content contained in emails and websites, usually with a warning to the user. Many web browsers integrate this software with a toolbar that displays actual domain names, which helps your employees identify fraudulent websites that are mimicking legitimate ones. Because this software is often integrated with web browsers, it’s especially important that employees keep their browsers up-to-date.
Have more questions? We’re here to help.
If you’re an Orbit Solutions user, rest assured that we take phishing-scam precautions on your behalf. For example, we proactively monitor our software and pull reports to scan for suspicious routing numbers in our system. You can and should keep an eye out for these numbers too. They’re subject to change, but as of now, the following ABA routing numbers may signal an issue: 124303120, 061120000, 124085024, 096017418, 124302529.
If you have any additional questions or concerns on employee phishing scams, please contact your Client Service Representative or send us a note today. We’re happy to help!