
Q&A: Email from CEO requesting all records. Is this a scam?

Question:

Our HR person received an email from the CEO requesting copies of employee payroll records, but the CEO did not send this email. Could this be a phishing scam?

Answer from Eric, SPHR, SHRM-SCP:

Yes, this is probably a phishing scam. Inform your IT staff right away, and do not respond to the email. This troubling scam has been particularly prevalent this tax season.

Last spring, the IRS issued a warning about an emerging phishing email scheme that targets HR and payroll departments. The scammer purports to be a company executive and requests personal information about employees — often in the form of W-2s or payroll records. The IRS gave examples of what the emails might say:

  • Kindly send me the individual W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
  • Can you send me the updated list of employees with full details (name, SSN, date of birth, home address, salary).
  • I want you to send me copies of employees’ W-2 wage and tax statements for 2016. I need them in PDF file type; you can send it as an attachment. Kindly prepare the lists and email them to me asap.

The scammers then attempt to use the information to file fraudulent tax returns and engage in other criminal activity. For employers, a successful scam can be a costly data breach with legal consequences. For example, if an email account is hacked or accessed by an outside party, everything in the email account might be accessible to ne’er-do-wells. One of the best ways to protect your company from these sorts of scams is to have a policy and practice of never emailing sensitive employee information.

The language below may be an effective reminder:

“Employees should not under any circumstance email sensitive employee information such as W-2s, benefit enrollment forms, completed census forms, or anything with social security or credit card numbers. Email is inherently insecure, and scammers may pose as company executives or employees to steal information. If you receive a request to email any such sensitive information, do not respond to it. Instead, inform your manager immediately.”

Businesses are generally required to take reasonable precautions to protect personal information in their possession. In the event of a breach, many states require that notice be given to those whose information was compromised. This notice might need to include the cause and nature of the data breach as well as what protections are afforded to those affected.

 

Eric has extensive experience in HR, management, and training. He has held several senior HR positions, including as the HR & Operations Manager for an award-winning interactive marketing agency and as HR Director for a national law firm. Eric graduated with a Bachelor’s of Science in Economics from the University of Oregon with a minor in Business Administration.
