About this time last year, the Internal Revenue Service issued an alert to payroll and human resources professionals to beware of phishing scams that were made to look like requests from company executives seeking personal employee information–specifically W-2 forms and payroll data. Human resource departments were deceived by the phony e-mails and mistakenly sent data that contained Social Security numbers and other personally identifiable information to criminals. The information collected was subsequently used to commit identify theft, and fraudulent tax returns were filed in some cases.
These types of tactics, in which people are psychologically manipulated into performing actions or divulging confidential information, are classified as “social engineering.” The email phishing technique (also known as spear phishing) is by far the most successful social engineering tactic on the internet today, accounting for 91% of attacks!* To combat these types of scams, companies need to educate their employees regarding phishing tactics and develop procedures to follow in the event that a scam is suspected.
Criminals are varied in their approach to gaining access to sensitive information, but many phishing scams are typically comprised of a few common elements:
Here are some tips to help protect your data and employees’ sensitive information:
Gloria McDonnell is the Tax Operations Director and serves on the leadership team at Redpath and Company. Gloria specializes in corporate tax planning and compliance, multi-state taxation, international tax, and tax research. Gloria works with closely held businesses in a variety of industries, and has provided business tax accounting services since 1989. You can reach Gloria at 651-407-5829 or firstname.lastname@example.org.More posts by Gloria McDonnell