About this time last year, the Internal Revenue Service issued an alert to payroll and human resources professionals to beware of phishing scams that were made to look like requests from company executives seeking personal employee information–specifically W-2 forms and payroll data. Human resource departments were deceived by the phony e-mails and mistakenly sent data that contained Social Security numbers and other personally identifiable information to criminals. The information collected was subsequently used to commit identify theft, and fraudulent tax returns were filed in some cases.
These types of tactics, in which people are psychologically manipulated into performing actions or divulging confidential information, are classified as “social engineering.” The email phishing technique (also known as spear phishing) is by far the most successful social engineering tactic on the internet today, accounting for 91% of attacks!* To combat these types of scams, companies need to educate their employees regarding phishing tactics and develop procedures to follow in the event that a scam is suspected.
Criminals are varied in their approach to gaining access to sensitive information, but many phishing scams are typically comprised of a few common elements:
Here are some tips to help protect your data and employees’ sensitive information:
Gloria McDonnell is the tax operations director and serves on the leadership team at Redpath and Company. She specializes in corporate and individual tax planning and compliance, multi-state taxation, international tax, and tax research. Gloria works with closely-held businesses in a variety of industries, and has provided business tax accounting services since 1989, and has been at Redpath and Company since 1991.More posts by Gloria McDonnell
We are a member of HLB International, a worldwide network of professional independent accounting firms and business advisors.