We’ve had a few employees receive phishing emails lately. Do you have any advice for how to deal with this?
Unfortunately, these scams have been on the rise for several years and don’t seem to be going away. The best way to address the issue is to make sure it’s top of mind for employees. Send a monthly or quarterly reminder that they should be skeptical about responding to emails that seem even slightly off and report them to the IT department immediately.
You can explain to employees that usually the scammer purports to be a company executive and requests personal information about employees — sometimes just their phone number to start. Other times they’ll go directly to asking for financial or personal information such as payroll records or passwords. Here are a few examples of what the suspicious emails might say:
- I need you to complete an urgent and essential task for me, send me your cell number ASAP for details.
- Hello, I need you to get a purchase done, as I am planning to surprise some of the staff with gifts. Your confidentiality would be appreciated not to ruin the surprise. Acknowledge me once you get this, thanks.
Please show your employees these examples, or others like them, and make it clear that they should not, under any circumstances, email sensitive employee information such as W-2s, benefit enrollment forms, completed census forms, or anything with social security or credit card numbers. They should also not follow links in emails or prompts to login to systems (even those they are familiar with) unless they are certain the request is legitimate.
We were provided with this information from AmCheck Las Vegas by a PHR representative.
As always please feel free to reach out to Nevada Benefits, if we may be of assistance to you.