Home » Our Blog » It’s That Time of Year Again: Tax Phishing Season
back to the top
Phishing Season

It’s That Time of Year Again: Tax Phishing Season

Share on Facebook Share on Twitter Share on LinkedIn Share on Google Plus Share through email Print it More share options

It’s That Time of Year Again: Tax Phishing Season

With tax season upon us, so are security concerns. Con artists – or “malicious actors” as they’re known in information technology (IT) circles – understand that people may be more susceptible to a well-crafted phishing email during tax-filing and refund time. For example, you would most likely be suspicious of an email about your W-2 form, or a request to complete an attached tax form arrived in July, October or December. But what if the same email landed in your inbox during February, March or April?

Most phishing emails should be easy to identify; telltale signs are poor grammar and punctuation or odd capitalization. However, some attempts will be more sophisticated. Since loose clicks sink ships, here are some examples of active phishing campaigns and some phishing best practices.

The Data-Harvesting Attack

The malicious actor will pose as a potential client, asking for tax preparation assistance. The exchange seems innocuous, but the malicious actor will set up a situation in which the victim lets down his or her guard and opens an attachment at some point during subsequent emails. This attachment exploits a vulnerability, harvesting contact information, which the attacker then uses to impersonate you and claim your tax refund.

The Log-In Request Attack

As a variation of this attack, you could be tricked into clicking a link or opening an attachment that requests that you log-in in with your email account credentials. Again, this scam exposes contact information, opening yourself up to phishing attacks.

The W-2 CEO Fraud Scam

The W-2 CEO Fraud scam is yet another phishing attack that targets innocent people by impersonating the CEO, President or other authority figure in the company. The newest variation of this email attack requests 2016 1040-EZ Form for all employees for accounting purposes and emphasizes urgency. This type of attack is extremely targeted because the malicious actor often knows who has access to the requested information and who most likely would be the employee making such a hasty request. This form of attack rarely has a formal signature, just a simple “thanks,” followed by the sender’s first name and a “Sent from my iPhone” tag. The attacker tries to make the email feel friendly, while also using authority and urgency to motivate the recipient.

Remember that sensitive information never should be transmitted over email. Legitimate institutions understand that email is not secure, and it should not be treated as such in regards to the exchange of sensitive financial and tax information. Paycom has secure ways to upload highly sensitive documents that are entirely independent of email. Anyone who tries to circumvent secure transmitting procedures – intentionally or not – should be instructed on how to share data securely. Any phishing incidents and attempts also should be shared with your information technology security team.

The IRS/Tax Commissioner Scam

For instance, a malicious actor will impersonate the IRS/Tax Commissioner, requesting you to fill out an attached form. The new form request is “due to a system upgrade.” The form name or number might even be a legitimate, though unfamiliar, IRS form, like the W-8BEN-E Form.

However, the fake form will have sections that not only request expected sensitive information, but also extensive bank account information such as:

  • Your bank’s branch address
  • Account officer’s name and email
  • Date account was opened
  • Date and amount of last deposit

This specific information allows the malicious actor to drain your bank accounts, in addition to claiming your tax refunds. Please note that legitimate sources will never need or request this level of account detail in order to file your taxes electronically and to complete a direct deposit.

In more personalized attacks, the malicious actor has figured out and will impersonate who prepares or handles your tax information. Similar to above, the attacker will ask you to fill out a form that may or may not include your banking information. Keep in mind that a malicious actor only needs basic tax information to steal your tax refund.

General Phishing Best Practices:

  1. Never send sensitive information through email.
  2. Be wary of unexpected email links, unexpected attachments and emails that stress urgency or that use fear as a motivator.
  3. Do not verify a suspicious email with an email reply.
  4. Call the sender using contact information you already have. If you don’t have contact information, independently search for the website–do not click any links.
  5. Financial institutions always send personalized emails that are addressed to you, in addition to having the last four digits of your account number. If these things are missing, be suspicious.
  6. Check the hyperlinks in all emails before clicking them by hovering over the link. Alternatively, use a bookmark that you’ve previously saved, use a Google search, or type the address manually.
  7. When looking for the URL domain name, start from the right, not the left.
    • Example: If read from left to right,http://www.paypal.com-verify-transactionid-84937213938021.login.ebay-buyprotection<dot>net/ this link appears to belong to PayPal. However, the address is actually ebay-buyprotection<dot>net, not PayPal.com.
  8. If you suspect you have been phished, contact your IT department or IT security team immediately. If you suspect that you are a phishing target, forward the email to spam@uce.gov, the impersonated institution, and your IT department.
  9. Check for the HTTPS and a closed padlock icon in the address bar anytime you are enter confidential information into an online application. This ensures the security of information entered and indicates a legitimate and registered website.

 

Remember: legitimate sources, clients, colleagues, bosses, etc., should never:

  • request sensitive information in an email signed with a “Sent from my iPhone” tag
  • send forms through email
  • send generic, impersonalized email (emails that do not address you by name)
  • ask for personal or financial information through email
  • request banking information in paper/electronic document forms
  • resort to threatening or intimidating language to click links in email
  • send emails with poor grammar or awkward language; always check grammar and language usage

Lastly, be suspicious of any email that requests highly sensitive information, or use email addresses that are not from the company’s domain. Check the sender’s email address. It might say it’s someone from your contacts list or a legitimate institution, but it is surprisingly easy to spoof the name associated with an email.


Paul Baresel

by Paul Baresel


Author Bio: With expertise in compliance, data leak prevention and enterprise e-discovery, Paul Baresel brings more than 13 years’ experience in cybersecurity to his role as Paycom’s Information Technology Security Manager. He previously served in similar roles at American Energy Partners, Farmers Insurance and Chesapeake Energy. After graduating from the University of Central Oklahoma with a degree in information systems management, the native Oklahoman earned his MBA from Oklahoma Christian University. Outside of work, he enjoys running, climbing and spending time with his wife and their three children.

Employee Experience

What the Employee Experience Is … and Is Not

Share on Facebook Share on Twitter Share on LinkedIn Share on Google Plus Share through email Print it More share options

HR departments and C-suites nationwide are abuzz with talk of the “employee experience,” often abbreviated as “EX.” It is the sum of all interactions, good or bad, that an employee has during his or her term of employment with a company.

As defined by author and futurist Jacob Morgan in his new book on the topic, The Employee Experience Advantage, those EX interactions can be divided among three environments that surround the worker:

  • technology
  • workspace
  • culture

The EX concept posits that all three bear equal importance, and that focusing on their long-term design results in an engaged workforce. In turn, productive and happy workers yield loyal customers.

What would improving the employee experience do for your organization? Check out this on-demand HRCI- and SHRM -certified webinar as we break down specifics. 

In addition, Morgan’s research shows that companies that invest in the EX reap rewards over companies that do not, to the tune of:

  • four times higher profits
  • three times higher revenue per employee
  • 40% lower turnover

Sounds like to build a positive employee experience all you have to do is create a utopia of benefits and perks, right?

Wrong.

What the EX Isn’t

Remember, experts define the EX as a totality of experiences that an employee has at his or her place of work, from Day 1 to either resignation, termination or retirement. Providing a positive employee experience doesn’t require satisfying employees’ every whim along the way, or ensuring that every interaction leaves employees feeling euphoric. It just means that the positives in the sum have to outweigh the negatives; you’re simply aiming to become a place where people want to work and want to come to work. After all, everyone has his or her share of negatives while on the clock, and it is unrealistic to think any office to be all unicorns and lollipops, no matter how many nap pods may be on the premises.

The Millennial Factor

With millennials projected to make up at least 50% of the workforce by 2020, employers face a tech-dependent majority that not only is comfortable with using technology in the workplace, but expects to use it (per research conducted by Adobe). Therefore, millennials are primed to be more open to embracing an EX, which relies upon technology as one of its three legs of support.

One way to support this desire for technology companywide is through implementation of an employee self-service platform. Whereas earlier generations may be used to paper-based processes — from tracking hours worked to completing benefits forms — and, therefore, may be hesitant or resistant toward cloud-based, self-service software that accomplishes the same tasks, millennials overwhelming prefer to forego the manual in favor of the technical.

In a recent millennial survey by Price Waterhouse Cooper, 60% of the millennials surveyed said that an employer’s investment into workplace technology was important when considering a job. Self-service software fits in to that category, reducing the burden placed on HR while empowering these young talented workers to take charge of entering and managing their own information.​

But again, let us caution that technology is just one of three critical components organizations must address to build a strong EX. For more information on all three pillars of the EX, download our free infographic, “Building a Strong Employee Experience: What It Is and Why It Matters.

Tags: ,
Posted in Blog, Employee Engagement, Featured, HR Management, Talent Management

Rod Lott

by Rod Lott


Author Bio: As Paycom’s Creative Services Manager, Rod Lott brings more than two decades of experience in marketing, advertising, branding and journalism. A published author and a graduate of the University of Oklahoma, he has worked with such brands as Blue Cross Blue Shield, Sonic Drive-In and OU.

Improve Employee Engagement

3 Ways to Immediately Improve Employee Engagement

Share on Facebook Share on Twitter Share on LinkedIn Share on Google Plus Share through email Print it More share options

For some employers, having happy employees is a want-to, not a have-to – it isn’t a priority. Making payroll, launching new campaigns and pleasing shareholders seems a more necessary than trying to create engaged, fulfilled employees. But happy, engaged employees are far more important to the success of a company than one might think.

What would improving the employee experience do for your organization? Check out this on-demand HRCI- and SHRM -certified webinar as we break down specifics. 

A Gallup study reported a measurable link between employee engagement and eight common metrics used to measure a business’ success:

  1. Customer Ratings
  2. Profitability
  3. Productivity
  4. Turnover
  5. Safety
  6. Theft Prevention
  7. Attendance
  8. Quality of the final product

 

In fact, companies with engaged employees show 22 % higher profitability and 147 % higher earnings per share than companies without them.

Let’s agree that happy employees are an integral part of your company’s success — so how do we cultivate them?

How to Engage Your Team

While creating an engaged team won’t happen overnight, here are three ways to begin:

1.Equip your employees

Equip your team with tools like engagement surveys to find and improve weak points. Use goal-setting tools that empower employees to reach new heights in their careers.

2. Educate your employees

People love to learn, so host a brown-bag lunch once a week and offer industry-related classes in the office. Give them tools like the Myers-Briggs personality assessment so they can learn how they work best and how to work better with others. Teach corporate culture with high-quality online learning tools that employees can work through at their own pace.

3. Empower your employees

The days of people being cogs in a machine are over—happy, creative individuals make your business better. According to Seth Godin’s Linchpin, today’s employees crave responsibility, opportunity and the authority to make decisions. Create a culture that tells every employee he or she matters. Offer chances for everyone to pitch their big ideas. Give employees control over their own career decisions with employee self-service tools.

Look at your employees as individuals — individuals who want to learn, share their talents, know they’re making a difference and be part of a business they believe in. When your employees are happy, you, your investors and your customers will be, too.

Tags:
Posted in Blog, Employee Engagement, Featured, HR Management, What Employees Want

Braeden Fair

by Braeden Fair


Author Bio: Braeden Fair produces webinars and podcasts for Paycom, in addition to writing content for the company’s blog and its employee culture magazine, Paycom Pulse. A graduate of Oklahoma Christian University, he managed social media for the college’s student life division and worked in the broadcasting departments of the Oklahoma City Thunder and the Dallas-based sports-talk radio station The Ticket.

Millennial Workplace

4 Truths About the Ideal Millennial Workplace

Share on Facebook Share on Twitter Share on LinkedIn Share on Google Plus Share through email Print it More share options

In today’s increasingly technology-heavy workplace, the millennial workforce continues to grow and thrive.

According to the Pew Research Center, the millennial labor force surpassed Generation X as the largest in the workforce in 2015. In fact, Pricewaterhouse Coopers estimates that millennials will make up 50% of the workforce by 2020.

Listen now to our HR Break Room podcast episode, A Hire Purpose: Build a Thriving Culture for Millennials

As they continue to grow and baby boomers increasingly retire, more millennials will assume management positions. In the recent two-part episode of Paycom’s HR Break Room podcast, guest Adam Smiley Poswolsky, author of The Quarter-Life Breakthrough, spoke about what businesses must do in order to make that transition as seamlessly as possible.

Here are four key takeaways from that conversation.

1. Purpose-driven workplaces draw millennials.

With 90% of millennials wanting to use their skills for good, they are demanding that companies provide purpose and meaning, so that their day-to-day work is not just an 8-to-5 job, but also something that defines them. They want to feel valued in their work and that their work is making a difference, so much so that half of them will take a pay cut to find work that matches their values!

In order to attract and retain top talent from this generation, creating a culture of purpose and meaning is essential to organizational success.

2. A transparent workplace is critical.

 In order to meet the needs of today’s workforce, employers should strive to be clear about what working there is like. The most forward-thinking organizations realize that millennials are going to research company culture, whether through Glassdoor or the grapevine, so recruitment efforts should clearly communicate the benefits and mission. Training and technology are especially popular among millennials, who are seeking purpose-driven opportunities that offer the opportunity to leave an impact.

With so many young people in the workforce, the workplace has become an extension of the classroom. Unlike baby boomers and earlier generations, millennials have to do more than to be good at just one thing and ride that skill for the next 40 years, thanks to the nature of technology and the state of the economy. In order to retain the most ambitious employees, you have to keep teaching them new desirable skills.

3. Millennials operate by a management style all their own.

A Global Workforce report states that 25% of millennials in the workforce will take on management positions. With the same report indicating that 3.6 million baby boomers will retire by the end of this year, it is essential for organizations nationwide to begin adjusting to the needs of the millennial management style.

Millennials are huge fans of collaboration and always looking for new ideas to get things done faster and more efficiently. They prefer co-leadership to more traditional hierarchical structures and are not as interested in doing things because “that’s how it’s always been done.” Even if not every idea is accepted, millennial managers like to give their talent room to try new things … and even room to fail.

This emerging style is going to prove especially important as the next generation of employees, Generation Z (born between 1994 and 2010), begin to enter the workforce. They value authenticity and want to work in an organization where their ideas are heard, regardless of job title. This interest in transparency and innovation makes them a more natural fit to be led by millennial managers.

Under New Management: The Rise of Millennial Managers and Generation Z

4. Millennials and Generation Z embrace learning through technology.

Collaboration and transparency are easier to achieve through technology, a key building block to any successful employee experience. Today’s top talent find and apply jobs through the internet, and then learn more about prospective employers the same way. Once they set themselves on a career path, they have become accustomed to learning new skills through YouTube videos or listening to podcasts.

 

Both Millennials and Generation Z have grown up having instant messaging tools, video streams and high-speed internet connections at their fingertips at all times. To create a seamless and attractive employee experience, employers should ensure such tools be incorporated into the workplace, at every stage from onboarding to retirement. Companies that truly understand how to use such tech tools as online learning platforms and surveys will be able to create an organization that is transparent and collaborative, and a culture that is efficient and goal-driven.

Tags: , , , ,
Posted in Blog, Featured, Millennials

Caleb Masters

by Caleb Masters


Author Bio: Caleb is the host of The HR Break Room and a Webinar and Podcast Producer at Paycom. With more than 5 years of experience as a published online writer and content producer, Caleb has produced dozens of podcasts and videos for multiple industries both local and online. Caleb continues to assist organizations creatively communicate their ideas and messages through researched talks, blog posts and new media. Outside of work, Caleb enjoys running, discussing movies and trying new local restaurants.

X

Learn more about Paycom

  • Are you a current Paycom Client?

    Yes

    No

    • Talent Acquisition

    • Time & Labor Management

    • Payroll

    • Talent Management

    • HR Management

  • Subscribe me to Paycom's newsletter.

*Required

We promise never to sell, rent or share your personal information with a third party unless required by law. By submitting this form, you accept our Terms of Use and Privacy Policy.