The internet can be a powerful but scary tool. With technology constantly advancing, our way of communication has improved over the years. This has been heavily highlighted with the current landscape that COVID-19 has created. Many companies have shifted to remote work and are more vulnerable than ever.
These arrangements can put networks at high risk for online scams as the connections from home may not be as secure as the ones at a physical workplace location. In fact, cyber-attacks have increased by 350% during the pandemic.
HR and Tax departments of companies are a prime target since they are privy to the most confidential information. Although we advise being skeptical of suspicious emails year-round, businesses can be more susceptible during holiday and tax seasons.
First, what is phishing? As defined, “a cybercrime in which a target or targets are contacted via email, telephone, or text message by someone posing as a legitimate and reputable institution or person to persuade individuals to reveal personally identifiable information, banking and credit card details, and passwords.”
In other words, you may receive an email, phone call, or text message from someone that could be posing as a coworker, a boss, a friend, a family member, even the IRS, asking for sensitive information.
When this happens to businesses, it is referred to as a business email compromise/business email spoofing (BEC/BES).
Email Scams to Look Out For
These emails are generally impersonating a real company employee, often an executive, and are sent to payroll or the appropriate HR personnel who would be able to authorize the release of that information. For scenarios 1 and 2 above, the thief posing as the employee/executive will provide the new bank account information making it a seamless crime.
Although HR departments are a prime target due to their access to sensitive data, there is no real target industry or type of employer that hackers/scammers are contacting. This is relevant to all types of businesses whether you manage or own a hotel, restaurant, medical practice, construction company, etc.
How to Detect BEC/BES
You might be questioning how to tell if the email you receive is false. Don’t worry – there are several subtle clues to look out for. Make sure to read the email carefully before following through with the request. Often, email scams contain grammar and spelling mistakes within the body.
For examples of what BEC/BES may look like when they land in your inbox, check out the IRS alert here.
If a scammer has been able to compromise an executive’s email account, the domain would look almost identical. A spoofed email domain could look like any of the following:
You can also hover over links within the body of the email, if any, to verify whether the URLs are safe before clicking. Usually, if the website is unrecognizable or if the “http” lacks an “s” – “http://” vs “https://”, this may be a cause for concern.
If you notice any of these subtle clues, refrain from clicking any links or responding, and notify the sender through different means to confirm whether they sent you the email.
What to do Upon Identifying a BEC/BES Email
For other preventative steps to take when it comes to email communication, read our blog on email encryption.
Get expert HR and payroll assistance. Contact Payroll Systems and let one of our payroll specialists walk you through our easy-to-scale solutions for your business.
For most companies, payroll is easily their largest expense Clearly, payroll is a huge part of running a business and consists of many moving parts Handling all aspects of payroll such as tax...
On September 30th, California Governor Gavin Newsom signed Senate Bill 973 which requires private employers to submit an annual Pay Data Report to the Department of Fair Employment and Housing (DFEH)...
On October 13th, The Social Security Administration (SSA) announced that the social security wage base will be increased to $142,800 In 2021, up from $137,000 in 2020 – an increase of $5,150 (as...
Feedback from an employer, the candidate, and the recruiter is highly useful information to better understand your hiring process Getting a feel for the different points of view involved can help you...
On September 17th, Governor Gavin Newsom signed a new law, SB 1383, that expands on the current family and medical leave entitlements The law goes into effect on January 1st, 2021 and it requires...
On Friday, September 11th the US Department of Labor (DOL) issued revisions to the leave regulations under the Families First Coronavirus Response Act (FFCRA) These revisions are primarily clarified...
This article provides general information and shouldn’t be construed as legal or HR advice. Since employment laws may change over time and can vary by location and industry, please consult a lawyer or HR expert for advice specific to your business. You can also contact Payroll Systems to inquire about our HR support services.