Email phishing scams are becoming more prevalent, especially this time of year. “The holidays and tax season present great opportunities for scam artists to steal valuable information through fake e-mails,” IRS Commissioner Chuck Rettig cautioned. Rettig advised to watch your inbox for these sophisticated schemes that try to fool you into thinking they’re from someone they are not.
Thieves are targeting employer payroll systems. Employers and employees alike need to know how to recognize threats. Phishing scams can look like legitimate emails asking an employee to update their login or password by following a link. The link is to a site that is actually a scam. Thieves then use the information to log in and change records such as direct deposit to divert payroll funds to a different bank.
- Know who emails are coming from. Carefully examine sender email addresses.
- Never click on links unless you know the sender. See the first bullet.
- Refrain from sharing login or personal credentials via email.
- Heighten scrutiny of banking information requests.
- Train your employees on phishing scams.
The same scams used to obtain your payroll information are also used to obtain your banking credentials. An email from your bank informing you that there is a suspicious transaction and providing a link to verify your identity is dangerous. It’s not your bank at all, it’s a phishing scammer.
- Contact your bank directly using a phone number or web address you know is genuine.
- Never click a link and provide personal information.
You receive a call from a bank advising that someone has been using your debit card ending in XXXX at ABC store. They then ask to verify your social security number which ends in xxxx and your full debit card information, so they can stop the unauthorized activity. They may even know some of your personal information. The caller ID may even look like it is from your bank.
Thieves are adept at making e-mails look like they are coming from a trusted source. You can never be too careful. If in doubt, don’t respond and don’t click any links.