It’s That Time of Year Again: Tax Phishing Season

With tax season upon us, so are security concerns. Con artists – or “malicious actors” as they’re known in information technology (IT) circles – understand that people may be more susceptible to a well-crafted phishing email during tax-filing and refund time. For example, you would most likely be suspicious of an email about your W-2 form, or a request to complete an attached tax form, if it arrived in July, October or December. But what if the same email landed in your inbox during February, March or April?

Most phishing emails should be easy to identify; telltale signs are poor grammar and punctuation or odd capitalization. However, some attempts will be more sophisticated. Since loose clicks sink ships, here are some examples of active phishing campaigns and some phishing best practices.

The Data-Harvesting Attack

The malicious actor will pose as a potential client, asking for tax preparation assistance. The exchange seems innocuous, but the malicious actor will set up a situation in which the victim lets down his or her guard and opens an attachment at some point during subsequent emails. This attachment exploits a vulnerability, harvesting contact information, which the attacker then uses to impersonate you and claim your tax refund.

The Log-In Request Attack

As a variation of this attack, you could be tricked into clicking a link or opening an attachment that asks you to log in with your email account credentials. Again, this scam exposes contact information, opening you up to phishing attacks.

The W-2 CEO Fraud Scam

The W-2 CEO Fraud scam is yet another phishing attack that targets innocent people by impersonating the CEO, President or other authority figure in the company. The newest variation of this email attack requests 2016 1040-EZ Form for all employees for accounting purposes and emphasizes urgency. This type of attack is extremely targeted because the malicious actor often knows who has access to the requested information and who most likely would be the employee making such a hasty request. This form of attack rarely has a formal signature, just a simple “thanks,” followed by the sender’s first name and a “Sent from my iPhone” tag. The attacker tries to make the email feel friendly, while also using authority and urgency to motivate the recipient.

Remember that sensitive information should never be transmitted over email. Legitimate institutions understand that email is not secure, and it should not be treated as if it were when exchanging sensitive financial and tax information. Paycom has secure ways to upload highly sensitive documents that are entirely independent of email. Anyone who tries to circumvent secure transmitting procedures – intentionally or not – should be instructed on how to share data securely. Any phishing incidents and attempts also should be shared with your information technology security team.

The IRS/Tax Commissioner Scam

In this scam, a malicious actor impersonates the IRS/Tax Commissioner and asks you to fill out an attached form. The new form request is “due to a system upgrade.” The form name or number might even be a legitimate, though unfamiliar, IRS form, like the W-8BEN-E Form.

However, the fake form will have sections that not only request expected sensitive information, but also extensive bank account information such as:

  • Your bank’s branch address
  • Account officer’s name and email
  • Date account was opened
  • Date and amount of last deposit

This specific information allows the malicious actor to drain your bank accounts, in addition to claiming your tax refunds. Please note that legitimate sources will never need or request this level of account detail in order to file your taxes electronically and to complete a direct deposit.

In more personalized attacks, the malicious actor has figured out who prepares or handles your tax information and will impersonate that person. As in the scam above, the attacker will ask you to fill out a form that may or may not include your banking information. Keep in mind that a malicious actor only needs basic tax information to steal your tax refund.

General Phishing Best Practices:

  1. Never send sensitive information through email.
  2. Be wary of unexpected email links, unexpected attachments and emails that stress urgency or that use fear as a motivator.
  3. Do not verify a suspicious email with an email reply.
  4. Call the sender using contact information you already have. If you don’t have contact information, independently search for the website–do not click any links.
  5. Financial institutions always send personalized emails that are addressed to you, in addition to having the last four digits of your account number. If these things are missing, be suspicious.
  6. Check the hyperlinks in all emails before clicking them by hovering over the link. Alternatively, use a bookmark that you’ve previously saved, use a Google search, or type the address manually.
  7. When looking for the URL domain name, start from the right, not the left.
    • Example: If read from left to right, http://www.paypal.com-verify-transactionid-84937213938021.login.ebay-buyprotection<dot>net/ appears to belong to PayPal. However, the address is actually ebay-buyprotection<dot>net, not PayPal.com.
  8. If you suspect you have been phished, contact your IT department or IT security team immediately. If you suspect that you are a phishing target, forward the email to spam@uce.gov, the impersonated institution, and your IT department.
  9. Check for HTTPS and a closed padlock icon in the address bar anytime you enter confidential information into an online application. This ensures the security of information entered and indicates a legitimate and registered website.
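
The right-to-left reading from best practice 7, written as a check a mail filter or help desk script could run. This is an added example, not code from the original post; the function names and the small suffix set are assumptions made for illustration, and it also covers the related case where a trusted name is placed before an "@" in the link.

```python
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List, which a production
# check would consult to find where the registrable domain starts.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# The deceptive link from the article, kept in its defanged "<dot>" form.
PAGE_URL = ("http://www.paypal.com-verify-transactionid-84937213938021"
            ".login.ebay-buyprotection<dot>net/")


def refang(url):
    """Turn a defanged URL ("<dot>", "[.]") back into a parseable one."""
    return url.replace("<dot>", ".").replace("[.]", ".")


def registrable_domain(url):
    """Read the host name from the right and return the domain that owns it."""
    host = urlsplit(refang(url)).hostname  # lower-cased, no userinfo or port
    if not host:
        return None
    labels = host.rstrip(".").split(".")
    # Suffixes such as "co.uk" need one more label to reach the owner.
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def check_link(url, expected_domain):
    """Return a list of reasons the link does not match the expected sender."""
    parts = urlsplit(refang(url))
    expected = expected_domain.lower()
    actual = registrable_domain(url)
    findings = []
    if actual != expected:
        findings.append(f"link belongs to {actual}, not {expected}")
        # The trusted name shows up in the host, but left of the real domain.
        if expected in (parts.hostname or ""):
            findings.append(f"{expected} appears only left of the real domain")
    if parts.username is not None:
        findings.append("text before '@' is not the host")
    if parts.scheme != "https":
        findings.append("link is not HTTPS")
    return findings


if __name__ == "__main__":
    # Constructed sample links, apart from PAGE_URL which is the post's own.
    samples = [
        PAGE_URL,
        "https://www.paypal.com/signin",
        "https://paypal.com@login.example.net/",
    ]
    for link in samples:
        print(registrable_domain(link), check_link(link, "paypal.com"))
```

An empty list means the link's registrable domain matches the expected one and no other check fired; it does not by itself prove the message is legitimate.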

 

Remember: legitimate sources, clients, colleagues, bosses, etc., should never:

  • request sensitive information in an email signed with a “Sent from my iPhone” tag
  • send forms through email
  • send generic, impersonalized email (emails that do not address you by name)
  • ask for personal or financial information through email
  • request banking information in paper/electronic document forms
  • resort to threatening or intimidating language to click links in email
  • send emails with poor grammar or awkward language; always check grammar and language usage

Lastly, be suspicious of any email that requests highly sensitive information, or that uses an email address that is not from the company’s domain. Check the sender’s email address. It might say it’s someone from your contacts list or a legitimate institution, but it is surprisingly easy to spoof the name associated with an email.


by Paul Baresel


Author Bio: With expertise in compliance, data leak prevention and enterprise e-discovery, Paul Baresel brings more than 13 years’ experience in cybersecurity to his role as Paycom’s Information Technology Security Manager. He previously served in similar roles at American Energy Partners, Farmers Insurance and Chesapeake Energy. After graduating from the University of Central Oklahoma with a degree in information systems management, the native Oklahoman earned his MBA from Oklahoma Christian University. Outside of work, he enjoys running, climbing and spending time with his wife and their three children.

Missing out on Key Functions of Your Employee Self-Service Software?

If you’re like most company leaders, you’re probably making use of employee self-service software to a certain extent. In fact, in a joint study by Paycom and HR.com, 88.5 percent of companies surveyed used self-service tools. And about 87 percent of these organizations considered self-service software to be the most efficient way to provide employees with payroll and HR information.

You can discover more of the results of this survey in our whitepaper, The Role of Self-Service Software: Get the Most out of a Crucial Technology.

However, we also found that a large number of the organizations surveyed aren’t getting as much out of their self-service software as they potentially could. They are leaving functionality on the table and missing out on the opportunity to streamline their training, ensure that forms are efficiently completed and securely stored, and improve the accuracy of information entered by their employees.

Streamlined Employee Training

Companies that use their employee self-service software as a platform for training are able to reach a large number of employees with one streamlined training effort, rather than scheduling several training meetings to accommodate staff schedules, wasting time and losing productivity.

Incorporating training videos and slideshows into existing employee self-service software allows your employees to complete trainings when their schedules allow.

In our research, companies are using self-service technology to serve many functions (some of the most common include accessing payroll information and enrolling in benefits). Unfortunately, only 39 percent of companies we surveyed that are already utilizing self-service software are taking advantage of employee training opportunities through that software. Most organizations are missing out on this opportunity.

Secure, Efficiently Completed Forms

The forms that your employees are already filling out can be integrated with an existing self-service software to make it easier for them to complete and ensure that you can store the forms securely and efficiently. We found that this is another area where many organizations have room for improvement.

Of the organizations we surveyed that used self-service software, HR entered 50 percent or less of employee information in only 40 percent of those organizations. In 29 percent of surveyed companies with self-service software, HR was still entering 90 percent or more employee data.

Having a way for your employees to fill out performance reviews, feedback surveys and other forms within employee self-service software allows them to complete the forms on their own time, allowing your HR department to focus on more mission-critical projects. It can also cut down on paper storage and allow anyone who needs access to the completed forms to find them in one secure location online.

Accurate Employee Information

One surprising finding from our study was that while 87 percent of respondents said that employee self-service software was helpful, HR still enters in over 50 percent of employee data for 60 percent of surveyed companies using self-service software. The most common barrier that kept organizations from having a majority of information entered by their employees (instead of their HR department) was a concern over the accuracy of employee-entered data.

That’s a valid concern, but from our research, employee-entered data has the opportunity to improve information accuracy. Over 80 percent of organizations we surveyed determined that employee-entered data helps hold employees accountable for the accuracy of the data—and 51 percent agreed that employee accountability for that accuracy reduces compliance risk.

In addition to a reduced compliance risk, having employees enter their own information can free up your HR department to do more strategic work. In fact, improving your company’s usage of employee self-service software can help your HR department save up to 10 hours per week!

Learn how other companies of all sizes are making use of their employee self-service software and what can be gained from these and other underutilized capabilities in our whitepaper, The Role of Self-Service Software: Get the Most out of a Crucial Technology.

by Lauren Rogers


Author Bio: As a communications specialist at Paycom, Lauren Rogers keeps employees abreast of company news and events, and provides insight to industry leaders regarding issues affecting human capital management. With experience in marketing and communications, Lauren has written blogs and other materials for a variety of businesses and nonprofits. Outside the office, she enjoys gardening, testing new recipes and sipping something caffeinated with her nose in a book.

4 Insights About Evolving Drug Screening Policies

During the November 2016 election, eight of the nine states with marijuana-related decisions on the ballot voted to legalize the drug for medical and/or recreational purposes. This trend has gained traction across the country; today, more than half the nation has state laws in place that allow marijuana for medicinal use.

Marijuana legalization has created tension between state laws, federal law and organizational best practices nationwide, causing employers from numerous industries to revisit their current drug-screening policies to ensure they are best serving their people and the company. To learn more about how organizations could handle this shift in state policy, Paycom invited Sheehan Phinney attorney Jim Reidy to the HR Break Room podcast.

Listen to expert and attorney Jim Reidy from Sheehan Phinney discuss current and future drug laws on the HR Break Room podcast episode, “A New Leaf on Drug Policy Screening Policies: Time for a Change?”

Specific plans of action may be difficult to determine, but Reidy provided valuable insight and four major takeaways about quickly changing drug-screening policies.

1. Ask the Big Questions Now

Employers should consider asking a few key, ever-evolving questions about their current drug-screening policies right now.

Reidy suggests asking:

  • What do your drug and alcohol policies actually say?
  • Are you even asking about medications in the workplace? If so, why?
  • Are you asking about the current use of illicit or illegal drugs?
  • For nationwide companies, how do you draft policy in states where marijuana is either medically or recreationally legal? Do you default to federal law or try to accommodate employees and prospective candidates in those positions?

Hard answers may not exist on how to accommodate every employer and employee concern, but asking these questions now will help prepare you for issues that could arise as state laws continue to evolve. If marijuana legislation begins to affect your state, you will be more familiar with the possible pressure points that may influence your policies.

2. Know Risks and Current State Laws

During the HR Break Room podcast, Reidy cited risk management as one of the most important aspects of changing state laws.

“HR professionals generally work in risk management, and one issue with risk management is safety and productivity,” Reidy said. “Twenty-six states now have medical marijuana approved, and eight states and the District of Columbia have recreational marijuana approved, and those numbers will likely increase in the next year or two. Employers are concerned about what impact it’s going to have on everything from attendance to mental acuity, productivity and largely safety.”

Take time to educate yourself on exactly what your state laws require before choosing a strategy. The better you understand your state’s legislation, the easier it will be to determine how it may impact your organization.

3. Communicating with Managers and Supervisors

According to Reidy, one of the most important things HR can do to prepare for changes is to learn about employee concerns by communicating and working closely with your managers.

“Assuming that they’ve tailored their policy appropriately to their workplace, to their locations, to their standards, their mission and the like, then I would spend a fair amount of time on training my supervisors and managers on the new policy,” he said. “Managers, I like to say, are your eyes and ears, but they’re also your Achilles’ heel. Be very careful with your managers … once managers have been trained, have them share policy changes and train them effectively to ensure they know what it means.”

Once your organization has created these clear channels of communication between HR, managers and employees, it will be easier to create a strategy for implementing a new policy if changes occur on a state or federal level.

4. No Universal Answer

Perhaps the biggest takeaway from our talk with Reidy was that there is no universal answer for all organizations, which is why employers must learn what works best for their business.

Reidy said it best: “Employers, know your workplace, know your locations and know the state law that might apply. Be aware that the state law is certainly going to be different than the federal law, and have a realistic approach to screening and testing, and being consistent about your enforcement of your policy going forward.”

Learn more by subscribing to HR Break Room and listen to our podcast, A New Leaf in Drug Screening Policies: Is it Time for a Change?

 

Disclaimer: This blog includes general information about legal issues and developments in the law. Such materials are for informational purposes only and may not reflect the most current legal developments. These informational materials are not intended, and must not be taken, as legal advice on any particular set of facts or circumstances. You need to contact a lawyer licensed in your jurisdiction for advice on specific legal problems.

by Caleb Masters


Author Bio: Caleb is the host of The HR Break Room and a Webinar and Podcast Producer at Paycom. With more than 5 years of experience as a published online writer and content producer, Caleb has produced dozens of podcasts and videos for multiple industries both local and online. Caleb continues to assist organizations creatively communicate their ideas and messages through researched talks, blog posts and new media. Outside of work, Caleb enjoys running, discussing movies and trying new local restaurants.

3 Ways an Employee’s Vacation Improves the Bottom Line

Temperatures are rising, days are longer and blockbuster movies are being released faster and more furiously. It must be summer – a season when most employees take time off to relax and unwind. In fact, approximately 46 percent of all travel occurs in July, the heart of summertime. If you’re worried productivity might take a nosedive (into the swimming pool) over the next few months, don’t sweat it. You might be surprised to learn these statistics and benefits of enjoying time outside of the office.

  1. Increased Productivity

Everyone deserves a break every now and then, right? And the good news is, most employers agree. According to recent research, 91 percent of full-time employees are given vacation time in their employment package. Yet, surprisingly, only 23 percent use their full paid time off (PTO), even though four out of five would choose benefits as vacation time over a pay raise. Why? According to a recent Forbes article, a fear of getting behind and the concern that others can’t do their work are leading factors to remaining on the clock and off the beach.

One of the best ways you can increase productivity is by fostering a culture with a healthy work-life integration. That means taking time out of the office to enjoy the big (and little) things in life, from the Caribbean cruise of your dreams to watching your daughter’s dance rehearsal. According to research, employees who use their allotted PTO are 31 percent more productive over the course of a year than those who don’t. In fact, for every 10 hours of vacation time, there’s an 8 percent boost in performance review scores. And the higher the score, the better the quality of work.

  2. Improved Retention Rate

 Imagine your organization is like a ship, and your employees are the propeller, launching your company forward. In other words, employees either can make or break your company’s success; therefore, attracting and retaining world-class talent should be at the top of your priorities. And if vacation time is one of the biggest benefits employees seek in an employer, it’s a no-brainer that this employee motivation can affect the retention rate.

In recent reports, 23 percent of employees indicated they would be motivated to change jobs for more vacation days. That’s almost a quarter of the workforce! This is a problem because not only does turnover send the office morale plummeting, but increased turnover also creates added expenses in training new personnel, not to mention the time and money needed to get new hires up to speed. In light of this alarming statistic, ensure you are providing and allowing enough PTO to your employees. Otherwise, they could abandon ship altogether.

  3. Heightened Employee Engagement

 According to Forbes, employee engagement is defined as “the emotional commitment the employee has to the organization and its goals.” Chances are, if your employees are actively engaged with your company – meaning, they are invested in its successes and challenges – they are more likely to tackle more demanding projects, without being asked.

So how does a little extra PTO affect employee engagement? According to research from Quantum Workplace, employees who’ve taken time off in the last 30 days are approximately 16 percent more likely to be engaged than those who haven’t taken a vacation in the past 12 months. In that same study, 72 percent of employees who took off five or more consecutive days within the last month were more engaged, compared to 57 percent of employees who took a break over a year ago. With results like these, it’s easy to see why it’s essential to reset and recharge. Do yourself, and your employees, a favor this summer: encourage your workforce to take a well-deserved break.

To learn more about the benefits of paid time off and how it positively impacts your company, download our new “Sun, Sand and PTO Statistics: Vacationing by the Numbers” infographic.

 

by Monica Johnson


Author Bio: As Paycom’s client marketing specialist, Monica Johnson utilizes a mixture of marketing and human capital management knowledge gained from years of industry experience. A graduate from the University of Central Oklahoma, Johnson has been with Paycom since 2013 and has served in numerous roles during her career with the company. In her spare time, she enjoys baking, exploring Oklahoma City and sipping coffee, while reading a good book, at one of her favorite local shops.
