Facebook Twitter Linkedin

“If I could sum up why I’m committed to the HR Girlfriends community it would come down to because we are ‘….in this together.'”

~Sana’ Rasul, Chief Girlfriend

Q&A: I received an email purportedly from our CEO requesting copies of employee payroll records …. Could this be a phishing scam?

Question:

I received an email purportedly from our CEO requesting copies of employee payroll records. I checked with her, and she did not send this email. Could this be a phishing scam?

Answer from Eric, SPHR, SHRM-SCP:

Yes, this is likely a phishing scam. Inform your IT staff immediately and do not respond to the email. You should also warn employees to be on the lookout for suspicious emails like this and remind them never to email sensitive employee information.

Last year, the IRS issued a warning about an emerging phishing email scheme that targets HR and payroll departments. The scammer purports to be a company executive and requests personal information about employees — often in the form of W-2s or payroll records. In other cases, they ask for a list of names, birth dates, home addresses, salaries, and social security numbers. The scammers then attempt to use the information to file fraudulent tax returns and engage in other criminal activity.

A successful scam can be a costly data breach with legal consequences for employers. For example, if an email account is hacked or accessed by an outside party, everything in the email account might be accessible to them. One of the best ways to protect your company from these sorts of scams is to have a policy and practice of never emailing sensitive employee information.

The language below may be an effective reminder:

“Employees should not under any circumstance email sensitive employee information such as W-2s, benefit enrollment forms, completed census forms, or anything with social security or credit card numbers. Email is inherently insecure, and scammers may pose as company executives or employees to steal information. If you receive a request to email any such sensitive information, do not respond to it. Instead, inform your manager immediately.”

Businesses are generally required to take reasonable precautions to protect personal information in their possession. In the event of a breach, many states require that notice is given to those whose information was compromised. This notice might need to include the cause and nature of the data breach as well as what protections are afforded to those affected.

Eric, SPHR, SHRM-SCP

Eric has extensive experience in HR, management, and training. He has held several senior HR positions, including as the HR & Operations Manager for an award-winning interactive marketing agency and as HR Director for a national law firm. Eric graduated with a Bachelor’s of Science in Economics from the University of Oregon with a minor in Business Administration.

Leave a comment

Never miss an opportunity to earn HRCI/SHRM credits, identify a mentor, or connect 1:1 with another HR Girlfriend in your city or across the country.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
Author picture

HR Girlfriends™ is a Human Resources networking organization dedicated to advancing the practice and culture of people empowerment. Our team of Girlfriends consult, train, educate, develop, share, promote, and advocate for solutions in the field of human resource management.

Are You IN?
Or Are You OUT?

It’s time you join forces with a community of like-minded peers ready to tackle the issues unique to the women of HR.
LEARN MORE

Partner with HR Girlfriends

Earn Up To 15% Cash Back

Earn commission for every referral, on almost every product we offer. 

When you sign up to be a referral partner, you'll get links, banners and other images you can use on your website, social media or email that will help you promote us!

Simply fill out this web form we will set up your account!

IRS Rules, Not Ours: Your SSN/TIN is required to render a 1099 when annual affiliate payments exceed $600. All sensitive data is protected and secure. 

Refer & Earn Cash - Sign Up
  • All
  • Affirmations
  • Career Monday
  • COVID-19
  • CyberSAFE
  • Guest Blogger
  • HR Advisor Newsletter
  • HR Certifications
  • HR Compliance
  • HR Law Alert
  • HR Q&A
  • HR Reading
  • HR Reel Talk
  • Join Our Team - Apply Now
  • Membership
  • Talent Management
All
  • All
  • Affirmations
  • Career Monday
  • COVID-19
  • CyberSAFE
  • Guest Blogger
  • HR Advisor Newsletter
  • HR Certifications
  • HR Compliance
  • HR Law Alert
  • HR Q&A
  • HR Reading
  • HR Reel Talk
  • Join Our Team - Apply Now
  • Membership
  • Talent Management
HR Q&A

Q&A: Can We Have a Mandatory Retirement Age?

April 24, 2025 No Comments
With a few exceptions, no, you can’t have a mandatory retirement age. Forcing an employee age 40 or older to retire at a certain age ...
Read More →
HR Q&A

Q&A: Do I need to do anything when employees come to me to vent?

April 10, 2025 No Comments
It depends on what they’re venting about. If they’re complaining about conduct that might be illegal, such as harassment or threats of violence, you’ll need ...
Read More →
Career Monday

Career Monday: 14 Ways To Find Your Way Back From Burnout

March 17, 2025 No Comments
Preventing burnout protects your overall health and your career. However, if the way you work changed radically over the past year, your old defenses may ...
Read More →

Quick Links

Search

© HR Girlfriends. All rights reserved.

Facebook Twitter Linkedin
Share via
Facebook
Twitter
LinkedIn
Mix
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap