Home » Our Blog » It’s That Time of Year Again: Tax Phishing Season
back to the top
Phishing Season

It’s That Time of Year Again: Tax Phishing Season

Share on Facebook Share on Twitter Share on LinkedIn Share on Google Plus Share through email Print it More share options

It’s That Time of Year Again: Tax Phishing Season

With tax season upon us, so are security concerns. Con artists – or “malicious actors” as they’re known in information technology (IT) circles – understand that people may be more susceptible to a well-crafted phishing email during tax-filing and refund time. For example, you would most likely be suspicious of an email about your W-2 form, or a request to complete an attached tax form arrived in July, October or December. But what if the same email landed in your inbox during February, March or April?

Most phishing emails should be easy to identify; telltale signs are poor grammar and punctuation or odd capitalization. However, some attempts will be more sophisticated. Since loose clicks sink ships, here are some examples of active phishing campaigns and some phishing best practices.

The Data-Harvesting Attack

The malicious actor will pose as a potential client, asking for tax preparation assistance. The exchange seems innocuous, but the malicious actor will set up a situation in which the victim lets down his or her guard and opens an attachment at some point during subsequent emails. This attachment exploits a vulnerability, harvesting contact information, which the attacker then uses to impersonate you and claim your tax refund.

The Log-In Request Attack

As a variation of this attack, you could be tricked into clicking a link or opening an attachment that requests that you log-in in with your email account credentials. Again, this scam exposes contact information, opening yourself up to phishing attacks.

The W-2 CEO Fraud Scam

The W-2 CEO Fraud scam is yet another phishing attack that targets innocent people by impersonating the CEO, President or other authority figure in the company. The newest variation of this email attack requests 2016 1040-EZ Form for all employees for accounting purposes and emphasizes urgency. This type of attack is extremely targeted because the malicious actor often knows who has access to the requested information and who most likely would be the employee making such a hasty request. This form of attack rarely has a formal signature, just a simple “thanks,” followed by the sender’s first name and a “Sent from my iPhone” tag. The attacker tries to make the email feel friendly, while also using authority and urgency to motivate the recipient.

Remember that sensitive information never should be transmitted over email. Legitimate institutions understand that email is not secure, and it should not be treated as such in regards to the exchange of sensitive financial and tax information. Paycom has secure ways to upload highly sensitive documents that are entirely independent of email. Anyone who tries to circumvent secure transmitting procedures – intentionally or not – should be instructed on how to share data securely. Any phishing incidents and attempts also should be shared with your information technology security team.

The IRS/Tax Commissioner Scam

For instance, a malicious actor will impersonate the IRS/Tax Commissioner, requesting you to fill out an attached form. The new form request is “due to a system upgrade.” The form name or number might even be a legitimate, though unfamiliar, IRS form, like the W-8BEN-E Form.

However, the fake form will have sections that not only request expected sensitive information, but also extensive bank account information such as:

  • Your bank’s branch address
  • Account officer’s name and email
  • Date account was opened
  • Date and amount of last deposit

This specific information allows the malicious actor to drain your bank accounts, in addition to claiming your tax refunds. Please note that legitimate sources will never need or request this level of account detail in order to file your taxes electronically and to complete a direct deposit.

In more personalized attacks, the malicious actor has figured out and will impersonate who prepares or handles your tax information. Similar to above, the attacker will ask you to fill out a form that may or may not include your banking information. Keep in mind that a malicious actor only needs basic tax information to steal your tax refund.

General Phishing Best Practices:

  1. Never send sensitive information through email.
  2. Be wary of unexpected email links, unexpected attachments and emails that stress urgency or that use fear as a motivator.
  3. Do not verify a suspicious email with an email reply.
  4. Call the sender using contact information you already have. If you don’t have contact information, independently search for the website–do not click any links.
  5. Financial institutions always send personalized emails that are addressed to you, in addition to having the last four digits of your account number. If these things are missing, be suspicious.
  6. Check the hyperlinks in all emails before clicking them by hovering over the link. Alternatively, use a bookmark that you’ve previously saved, use a Google search, or type the address manually.
  7. When looking for the URL domain name, start from the right, not the left.
    • Example: If read from left to right,http://www.paypal.com-verify-transactionid-84937213938021.login.ebay-buyprotection<dot>net/ this link appears to belong to PayPal. However, the address is actually ebay-buyprotection<dot>net, not PayPal.com.
  8. If you suspect you have been phished, contact your IT department or IT security team immediately. If you suspect that you are a phishing target, forward the email to spam@uce.gov, the impersonated institution, and your IT department.
  9. Check for the HTTPS and a closed padlock icon in the address bar anytime you are enter confidential information into an online application. This ensures the security of information entered and indicates a legitimate and registered website.

 

Remember: legitimate sources, clients, colleagues, bosses, etc., should never:

  • request sensitive information in an email signed with a “Sent from my iPhone” tag
  • send forms through email
  • send generic, impersonalized email (emails that do not address you by name)
  • ask for personal or financial information through email
  • request banking information in paper/electronic document forms
  • resort to threatening or intimidating language to click links in email
  • send emails with poor grammar or awkward language; always check grammar and language usage

Lastly, be suspicious of any email that requests highly sensitive information, or use email addresses that are not from the company’s domain. Check the sender’s email address. It might say it’s someone from your contacts list or a legitimate institution, but it is surprisingly easy to spoof the name associated with an email.


Paul Baresel

by Paul Baresel


Author Bio: With expertise in compliance, data leak prevention and enterprise e-discovery, Paul Baresel brings more than 13 years’ experience in cybersecurity to his role as Paycom’s Information Technology Security Manager. He previously served in similar roles at American Energy Partners, Farmers Insurance and Chesapeake Energy. After graduating from the University of Central Oklahoma with a degree in information systems management, the native Oklahoman earned his MBA from Oklahoma Christian University. Outside of work, he enjoys running, climbing and spending time with his wife and their three children.

talent shortage

How the Talent Shortage Threatens Your Business’s Bottom Line

Share on Facebook Share on Twitter Share on LinkedIn Share on Google Plus Share through email Print it More share options

Human nature and the rapid pace of the workday sometimes conspire to force us into a myopic view of our organization. For instance, we may be so concentrated on attacking a problem within our department that we neglect to consider if the issue has infiltrated other departments as well.

If the issue is filling head count with qualified candidates, assume it has spread like a virus, to every room of every floor. Your business cannot afford to do otherwise.

While the problem is global, it is worse in the U.S., where 46% of all organizations currently experience difficulty filling open positions. Not only is that number up from 32% in 2015, it’s at its highest rate in 10 years. Experts predict it will rise even higher, meaning the war for talent just got harder.

The skills gap

The irony is, with an improving economy and an employment-to-population ratio around 82%, more people are in the American workforce now than in nearly a decade. So shouldn’t employers be inundated with résumés?

In general, they are … but not with the right kind of résumés. Almost 20% of applicants lack the experience companies seek. An equal number do not possess the necessary, specific hard skills the positions require, such as computer programming.

This skills gap has led to longer open positions. This year, the average is a full month: 31 days. Ten years ago, it took eight fewer days. How long can your business get by with letting critical functions go unfilled?

A domino effect

Arguably, the most obvious effect caused by open positions is lower morale among staff members, particularly those who have to pick up the proverbial slack. Having extra work atop their regular duties lowers their productivity, which in turn, lowers quality.

Before long, customers will take note. Perhaps they notice the product is not up to the company’s usual standard, or that your service may be lacking. Or, worse, they notice both. Either way, your competitiveness in the marketplace takes a hit, and we know the effect that has on the bottom line: not the desirable kind.

Ultimately, in a talent shortage left unaddressed, your business experiences all of the above, plus higher turnover. And higher turnover only compounds the problem that started this whole mess!

 Steps to take

The good news is, good news exists. The proper HR technology can streamline, speed up and automate your recruiting processes to attract more qualified candidates and filter out the unqualified ones. Automated preboarding helps keep new hires looped in, so they are not lost to the chasm of time between the job offer and Day 1.

The bad news is, if you don’t take such steps, and outdated, manual processes continue to rule the roost, your business will suffer defeat in the war for talent.

For more information on the current talent shortage, as well as strategic steps organizations can take on a path toward victory, download our free infographic, How the Talent Shortage Harms Your Entire Business.

Tags: , , ,
Posted in Blog, Featured, Talent Acquisition

Rod Lott

by Rod Lott


Author Bio: As Paycom’s Creative Services Manager, Rod Lott brings more than two decades of experience in marketing, advertising, branding and journalism. A published author and a graduate of the University of Oklahoma, he has worked with such brands as Blue Cross Blue Shield, Sonic Drive-In and OU.

The 1 Thing Efficient, Happy and Motivated Employees Have in Common

Share on Facebook Share on Twitter Share on LinkedIn Share on Google Plus Share through email Print it More share options

Efficiency, happiness and motivation: These traits characterize the ideal employee, but how can today’s employers inspire their workforce to have more of each? Through the use of carefully chosen technology. Here’s how technology factors in to developing your employees into the best they can be.

Click here to see Jacob Morgan’s SHRM-certified on-demand webinar “How to Win the War for Talent and Crush the Competition” on how the world’s top companies are redesigning work around their people by focusing on three environments: culture, technology and the physical workspace.

Efficient employees

Of course, your employees are not machines. Efficiency for your business means employees are doing the right things at the right time; as management consultant Peter Drucker put it, “Efficiency is doing better what is already being done.” The work you hired them to do is performed with excellence.

Technology goes hand-in-hand with efficiency, and that can make your employees happier! In fact, as reported by Access Perks, 92% of employees say having the tech to efficiently do their jobs improves their overall satisfaction in their work. Employees don’t want just any technology; make sure you’re offering the latest tech that can help them perform better in their roles.

Happy employees

Whether your employees are happy can affect many things within your workplace. More than a feeling your people exhibit from 8 to 5, happiness speaks to their satisfaction in their role within your company. When your employees love what they do, that’s how you know they’re happy in their jobs.

The employee experience is the sum of all things good or bad in an employee’s time at your company. A positive employee experience leads to happier employees who are more willing to accept growth and change, and are emotionally prepared to handle the occasional setback.

Jacob Morgan, author of The Employee Experience, describes technology as a key factor in building a positive employee experience. His research shows that 81% of workers say technology is the most important factor in their happiness at work, and 86% say that when their company’s technology is ahead of the curve, they love their job. When employees love their jobs, they become more motivated for the success of the company that has invested in them.

Motivated employees

According to Forbes magazine, motivation leads to productivity, allowing for more work to get done and boosting your bottom line. Chances are, no matter the quarter, your HR team has looked for innovative ways to motivate and engage employees. Incentives, prizes and pizza parties are obvious choices in the search for employee motivation, but is a “prize” the best method?

One powerful motivator that isn’t just another prize is technology; according to PricewaterhouseCoopers, at 48%, nearly half of the American workforce says that new technology is an effective motivator. Are you providing the state-of-the-art, user-friendly tech that can motivate your workforce?

Technology that is up-to-date and simple to use can help you provide the environment your employees need to thrive.  As tech-dependent millennials make up a larger share of the workforce, and Generation Z digital natives begin their careers, technology increasingly becomes a critical part of the employee experience.  Help your employees meet their maximum potential by providing the right technology to keep them efficient, happy and motivated.

Looking for a deeper dive into the employee experience? Check out the HR Break Room podcast episode, “Happy Employees = Happy Customers: The Equation for a Winning Workforce” with author Jacob Morgan.

Tags: , , , ,
Posted in Blog, Employee Experience, Featured

braeden.fair

by Braeden Fair


Author Bio: Braeden Fair produces webinars and podcasts for Paycom, in addition to writing content for the company’s blog and its employee culture magazine, Paycom Pulse. A graduate of Oklahoma Christian University, he managed social media for the college’s student life division and worked in the broadcasting departments of the Oklahoma City Thunder and the Dallas-based sports-talk radio station The Ticket.

Employer Brand

Why Your Employer Brand Matters

Share on Facebook Share on Twitter Share on LinkedIn Share on Google Plus Share through email Print it More share options

Hello. My name is Amy, and at one time, my Coca-Cola rugby shirt was my most prized possession. Chances are you – or someone you know – had at least one and felt the same way. Those preppy, color-blocked beauties with the classic Coca-Cola scroll were pure Americana. They were so rad.

They were also uncomfortable. The material was thick and hot, the boxy shape was cumbersome and the collars were stiff. So what would inspire millions of sensible people to pay good money and outfit themselves in one? The answer: brand power.

Brands amplify the personal traits and characteristics of which we’re most proud. Brands show others who we are and want to be. They’re a fiercely personal association that sways our decision-making, regardless of whether we like to admit it, and they’re just as powerful today as they were in 1985.

If you don’t believe me, just embroil yourself in a debate about Macs vs. PCs, or Target vs. Walmart. Two things will happen immediately. First, regret will overwhelm you. Secondly, as voices rise and tempers flare, you’ll see that brands continue to serve as an extension of who we believe we are.

Great expectations

While the influence brands have over us remains strong, what we expect from them has changed. Today, companies can’t win customers by building a brand the old-fashioned way, with logo-emblazoned gear, slick photo shoots and ads in glossy magazines. Cultivating a trustworthy brand requires transparency. We want to know which brands mirror our values and operate in a way we believe in, too.

And we can, thanks to the internet. Now, not even the slickest ads in the world can spare brands from the destruction that negative reviews, an exposé on unethical practices or a shocking YouTube video can bring. The power of shaping a brand now lies with the company who owns it and the customers they serve.

Why it matters for HR and recruiting

So what does this have to do with your company’s reputation as an employer, aka your employer brand? Everything.

Just as consumers choose products based on brand identity, candidates choose jobs based on employer brand. Consumers want transparency. Candidates do, too. Review websites like TripAdvisor and Yelp offer consumers a forum to share honest experiences with thousands of people. Major job sites like Glassdoor, LinkedIn and Indeed provide employees a similar outlet.

And candidates pay attention. Much like consumers contemplating a big purchase, candidates planning to make a big move do research. Before applying, 62% of job seekers will use social media channels to evaluate a company and 76% will view an employee’s LinkedIn page, while 60% consider word-of-mouth to be their best source of information.

To nab today’s top talent, you must enter the conversation and cultivate your employer brand.

Isn’t that marketing’s job?

Although the similarities between the consumer brand and the employer brand would suggest it, that’s not the case. And shaping or managing your employer brand doesn’t just belong to HR, either. Because your employer brand has to portray your company’s employee experience accurately, everyone who has a hand in shaping that has a hand in cultivating the employer brand.

Download our new, FREE white paper: Discover Who Owns the Employer Brand? (Hint: It’s Not Just HR)

Once you understand the role everyone in your organization plays in cultivating the employer brand, you can begin making steps toward recruiting, hiring, onboarding and retaining the talent your business needs. Then, take some time to design an awesome (and hopefully comfortable) employer-branded shirt. Your workforce will be just dying to wear it.

Tags:
Posted in Blog, Featured, HR Management, Talent Acquisition

Amy Double

by Amy Double


Author Bio: Amy, a tenured professional in sales and marketing with over 10 years of experience, is dedicated to creating content focused on helping organizations achieve their business goals. As an experienced writer, Amy is committed to researching and blogging about topics that affect businesses across multiple industries, including manufacturing, hospitality and more. Outside of work, Amy enjoys reading, entertaining and spending time with family.

X

Learn more about Paycom

  • Are you a current Paycom Client?

    Yes

    No

    • Talent Acquisition

    • Time & Labor Management

    • Payroll

    • Talent Management

    • HR Management

  • Subscribe me to Paycom's newsletter.

*Required

We promise never to sell, rent or share your personal information with a third party unless required by law. By submitting this form, you accept our Terms of Use and Privacy Policy.