Your HR Team Might Fall For These Scams — HR Tech Outlook Magazine

According to HR Tech Outlook magazine review, Phishing scams has become very normal now. Each day, businesses are receiving a lot of mails in which most of the mails will be attached with malware which can encrypt or delete your files and backups, and the scammer can have remote access to your system.

Why Scammers Target HR Team for Phishing?

Everyday HR teams are handling a lot of activities which mostly includes recruiting, employee benefits, payrolls, and has access to Personally Identifiable Information of contractors, employees and applicants. These data are so confidential that, when a hacker try to do cyber breach, they’ll directly target the HR team.

Even though email scams and phishing are always present, the threat will be abnormally high during the tax season. During this season, the employees and businesses are targeted for their W-2 scams.

Check out: HR Tech Outlook Magazine Review

Here’s how W-2 phishing scams occur:

• The scammer sends an email impersonating the CEO of the company. The email will be sent to HR employee or any staff member with the email subject as “urgent” or “ can you help me with this”.
• The mail is sent sent asking for the access to the employee’s W-2 form. They’ll ask for employee tax information to be sent over via email in a single file.
• Since the information is too confidential, the email tone will be very polite. To make it look real, they might add the reason as “Kindly send me the earning summary of all W-2 of our company staff for a quick review.”
• Since mail is sent from CEO, the HR or staff collects the details and emails them back without thinking further.
• This will be a easy win for the scammer. Generally it’ll take more than a week for a HR to realize that their data has been breached. The staff or HR who handed over the information without proper consent will be in trouble at the end.

What has to be done?

• No matter in what industry you are in, you ( mainly in Human Resources) are you’re entire staff should get trained to recognize a phishing email.
• Raise awareness among employees about W-2 scams and remind them more during the tax seasons.
• Whenever you receive a email asking for W-2 information, let your employer know about it. Never hand over the details without proper consent from your employer. If you receive the mail from CEO, better contact him directly to make sure that it’s legitimate.
• If you receive a scam mail and if you identify it as scam, forward the mail to phishing@irs.gov with subject line as “W-2 Scam.