5 min read
W-2 Phishing Scam Targets Small Businesses, Schools and Others
As if you need one more thing to worry about this time of year, the IRS has issued an urgent alert regarding phishing scams. These scams target...
Expert payroll management services with a personal touch.
View Solution Read GuideSimplify and personalize HR with a team of HR experts on-demand.
View Solution Read GuideWhy spend more unnecessary time and money managing your workforce?
View Solution Read GuideTurn your candidates into employees with hiring & onboarding solutions.
View Solution Read GuideAdd On Solutions automate everyday tasks, prevent mistakes, and simplify business compliance.
View SolutionHelpful downloads and eBooks to empower your business.
Helpful tax and HR alerts to help keep your business compliant.
Payroll and tax-related forms and documents.
Horizon's blog provides valuable insight into payroll, compliance, human resources, and more.
See our client success stories for a case study on how we can help your business.
Payroll and HR strategy requires intelligent technology, personal attention and specialized expertise in the needs and nuances of your business.
We provide payroll and tax processing services for businesses from 1 to 1,000 employees or more. Today, we have nearly 1,000 customers in 40 states.
We've blogged on phishing before, but it's time for a refresh. In 2017 the IRS received approximately 900 complaints about phishing and suspected scams. That’s up from about 100 in 2016, and the number is expected to grow again in 2018. According to the IRS, in 2017 “more than 200 employers were victimized, which translated into hundreds of thousands of employees who had their identities compromised.” Don’t let your company be the next victim.
How to Spot a Phishing Scam
Basically, phishing is a scam where someone sends an unsolicited email with the goal of getting information from a victim. The email might ask for information directly or it might invite the victim to click a link or open an attachment. IRS-cited examples include:
Unsolicited emails with unusual requests are always a red flag. So are emails you’re not expecting that include links or attachments – both can trigger a download of malware that gives hackers access to files. Malware can even track your keystrokes, which lets them see passwords and anything else you type.
Why do we keep falling for it?
The short answer is because we’re human. Social engineers, those clever folks who trick us into giving up information, know if they can evoke an emotional response, we’re more likely to make bad snap decisions. Even if we know better.
One effective trick is “linking e-mail or telephone scams to current and high profile news stories … because things that come to mind quicker are more likely to be judged as important and as likely to be genuine, a concept known as the availability heuristic,” says The Conversation. Imagine an email from a stranger warning about the flood of IRS scams hitting HR departments. It comes with a free download - tips to protect your company. Sound suspicious? It should.
We insist we’re not gullible or careless enough to fall for scams, but we’re all vulnerable. We pride ourselves on helpfulness to our manager or customers. We’re suspicious but avoid confronting people and refusing requests. We crack under pressure or fear we’ve already been breached. Aaron Higbee, CTO for corporate testing company Phish Me, says in Wired, “there’s going to be some trigger that evokes emotionally heightened themes like fear, reward, and urgency” and that can lead the most cautious employee to skip verifying the requester’s identity.
It’s not the computer security system or weak passwords that fail as much as the humans using them fail to protect sensitive information. As Lily Hay Newman writes in Wired, “I was suspicious of plenty of emails just from their subject lines, but never enough to override my desire to confirm that someone hadn't broken into my Amazon account and ordered 1,000 tennis balls.”
How to protect your company and your employees
If you only remember one thing, make it this: “the IRS doesn't initiate contact with taxpayers by email, text messages or social media channels to request personal or financial information. This includes requests for PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.”
Take these steps:
What if you were breached already?
The Federal Trade Commission has a free guide for businesses on responding to a data breach including how to:
Employees whose W-2s have been stolen can find help on the Federal Trade Commission website. Employees who have any monetary losses due to an IRS-related incident, can report it to the Treasury Inspector General Administration (TIGTA). And if an employee's tax return is rejected due to a duplicate Social Security number, he/she should file an Identity Theft Affidavit (IRS Form 14039).
Phishing and online scams are scary and, unfortunately, they could be targeting your employees. If you have questions about keeping your company and your employees protected this tax season, or any time, contact Horizon Payroll Solutions for HR support and advice you can trust.
5 min read
As if you need one more thing to worry about this time of year, the IRS has issued an urgent alert regarding phishing scams. These scams target...
4 min read
Identity theft happens. According to the 2015 Identity Fraud Study, $16 billion was stolen from 12.7 million U.S. consumers in 2014. But how is all...
6 min read
Ensuring robust security measures within your business’s workplace environment is imperative in the face of evolving threats such as digital scams...