Home » Our Blog » It’s That Time of Year Again: Tax Phishing Season
back to the top
Phishing Season

It’s That Time of Year Again: Tax Phishing Season

Share on Facebook Share on Twitter Share on LinkedIn Share on Google Plus Share through email Print it More share options

It’s That Time of Year Again: Tax Phishing Season

With tax season upon us, so are security concerns. Con artists – or “malicious actors” as they’re known in information technology (IT) circles – understand that people may be more susceptible to a well-crafted phishing email during tax-filing and refund time. For example, you would most likely be suspicious of an email about your W-2 form, or a request to complete an attached tax form arrived in July, October or December. But what if the same email landed in your inbox during February, March or April?

Most phishing emails should be easy to identify; telltale signs are poor grammar and punctuation or odd capitalization. However, some attempts will be more sophisticated. Since loose clicks sink ships, here are some examples of active phishing campaigns and some phishing best practices.

The Data-Harvesting Attack

The malicious actor will pose as a potential client, asking for tax preparation assistance. The exchange seems innocuous, but the malicious actor will set up a situation in which the victim lets down his or her guard and opens an attachment at some point during subsequent emails. This attachment exploits a vulnerability, harvesting contact information, which the attacker then uses to impersonate you and claim your tax refund.

The Log-In Request Attack

As a variation of this attack, you could be tricked into clicking a link or opening an attachment that requests that you log-in in with your email account credentials. Again, this scam exposes contact information, opening yourself up to phishing attacks.

The W-2 CEO Fraud Scam

The W-2 CEO Fraud scam is yet another phishing attack that targets innocent people by impersonating the CEO, President or other authority figure in the company. The newest variation of this email attack requests 2016 1040-EZ Form for all employees for accounting purposes and emphasizes urgency. This type of attack is extremely targeted because the malicious actor often knows who has access to the requested information and who most likely would be the employee making such a hasty request. This form of attack rarely has a formal signature, just a simple “thanks,” followed by the sender’s first name and a “Sent from my iPhone” tag. The attacker tries to make the email feel friendly, while also using authority and urgency to motivate the recipient.

Remember that sensitive information never should be transmitted over email. Legitimate institutions understand that email is not secure, and it should not be treated as such in regards to the exchange of sensitive financial and tax information. Paycom has secure ways to upload highly sensitive documents that are entirely independent of email. Anyone who tries to circumvent secure transmitting procedures – intentionally or not – should be instructed on how to share data securely. Any phishing incidents and attempts also should be shared with your information technology security team.

The IRS/Tax Commissioner Scam

For instance, a malicious actor will impersonate the IRS/Tax Commissioner, requesting you to fill out an attached form. The new form request is “due to a system upgrade.” The form name or number might even be a legitimate, though unfamiliar, IRS form, like the W-8BEN-E Form.

However, the fake form will have sections that not only request expected sensitive information, but also extensive bank account information such as:

  • Your bank’s branch address
  • Account officer’s name and email
  • Date account was opened
  • Date and amount of last deposit

This specific information allows the malicious actor to drain your bank accounts, in addition to claiming your tax refunds. Please note that legitimate sources will never need or request this level of account detail in order to file your taxes electronically and to complete a direct deposit.

In more personalized attacks, the malicious actor has figured out and will impersonate who prepares or handles your tax information. Similar to above, the attacker will ask you to fill out a form that may or may not include your banking information. Keep in mind that a malicious actor only needs basic tax information to steal your tax refund.

General Phishing Best Practices:

  1. Never send sensitive information through email.
  2. Be wary of unexpected email links, unexpected attachments and emails that stress urgency or that use fear as a motivator.
  3. Do not verify a suspicious email with an email reply.
  4. Call the sender using contact information you already have. If you don’t have contact information, independently search for the website–do not click any links.
  5. Financial institutions always send personalized emails that are addressed to you, in addition to having the last four digits of your account number. If these things are missing, be suspicious.
  6. Check the hyperlinks in all emails before clicking them by hovering over the link. Alternatively, use a bookmark that you’ve previously saved, use a Google search, or type the address manually.
  7. When looking for the URL domain name, start from the right, not the left.
    • Example: If read from left to right,http://www.paypal.com-verify-transactionid-84937213938021.login.ebay-buyprotection<dot>net/ this link appears to belong to PayPal. However, the address is actually ebay-buyprotection<dot>net, not PayPal.com.
  8. If you suspect you have been phished, contact your IT department or IT security team immediately. If you suspect that you are a phishing target, forward the email to spam@uce.gov, the impersonated institution, and your IT department.
  9. Check for the HTTPS and a closed padlock icon in the address bar anytime you are enter confidential information into an online application. This ensures the security of information entered and indicates a legitimate and registered website.

 

Remember: legitimate sources, clients, colleagues, bosses, etc., should never:

  • request sensitive information in an email signed with a “Sent from my iPhone” tag
  • send forms through email
  • send generic, impersonalized email (emails that do not address you by name)
  • ask for personal or financial information through email
  • request banking information in paper/electronic document forms
  • resort to threatening or intimidating language to click links in email
  • send emails with poor grammar or awkward language; always check grammar and language usage

Lastly, be suspicious of any email that requests highly sensitive information, or use email addresses that are not from the company’s domain. Check the sender’s email address. It might say it’s someone from your contacts list or a legitimate institution, but it is surprisingly easy to spoof the name associated with an email.


Paul Baresel

by Paul Baresel


Author Bio: With expertise in compliance, data leak prevention and enterprise e-discovery, Paul Baresel brings more than 13 years’ experience in cybersecurity to his role as Paycom’s Information Technology Security Manager. He previously served in similar roles at American Energy Partners, Farmers Insurance and Chesapeake Energy. After graduating from the University of Central Oklahoma with a degree in information systems management, the native Oklahoman earned his MBA from Oklahoma Christian University. Outside of work, he enjoys running, climbing and spending time with his wife and their three children.

Paid Family Leave Program

New York to Implement Nation’s Most Comprehensive Paid Family Leave Program

Share on Facebook Share on Twitter Share on LinkedIn Share on Google Plus Share through email Print it More share options

New York to Implement Nation’s Most Comprehensive Paid Family Leave Program

Private employers in the state of New York will soon be required to provide up to 12 weeks of paid family leave. The new law will apply to all employees of employers covered by the state’s worker’s compensation law and will be completely employee-funded via payroll deductions. Public employers are permitted to participate by opting-in to the program.

Growing Trend

These types of “paid family leave” laws continue to gain momentum. Three other states (California, New Jersey and Rhode Island) provide workers with partial pay during parental leave. Some cities have even joined in on the trend. San Francisco passed a paid family leave program in 2016, and Washington, D.C. also recently approved one that will take effect in 2020.

New York lawmakers championed this law as a pivotal step in the pursuit of equality and dignity in both the workplace and home. “New York enacted the strongest paid family leave plan in the nation to ensure that no one has to choose between losing a job and missing the birth of a child, or being able to spend time with a loved one in their final days,” said New York Governor, Andrew Cuomo, upon passage of the law.

Employee Eligibility

The New York legislation originally passed in April of 2016, but the obligations for employers and employees were announced just recently.

Beginning January 1, 2018, the state’s paid family leave program will provide employees with employment protection and partial wage replacement if they spend time away from work to:

  1. bond with a child (including fostering or adopting)
  2. help relieve family pressures when someone is called to active military service
  3. care for a close relative with a serious health condition

A “close relative” as defined under the law includes a spouse, domestic partner, child, parent (including in-law), grandparent and grandchild. An employee must be employed full-time for 26 weeks, or part-time for 175 days to be eligible for a paid family leave benefit. An employer may permit an employee to use vacation or sick leave while on leave, but may not require its use.

 Employer Impact

The complete 12-week benefit will not be implemented fully until 2021. The amount of paid family leave and the percentage of the employee’s salary paid will be realized over four years:

 

Year Weeks
Available
Max % of
Employee Salary
Cap % of State
Average Weekly Wage
1/1/2018 8 50% 50%
1/1/2019 10 55% 55%
1/1/2020 10 60% 60%
1/1/2021 12 67% 67%

 

Employers will be required to purchase a paid family leave insurance policy or self-insure. The employee will pay the premiums of the policy via payroll deductions, beginning July 1, 2017.

For more information about the phase-in process, calculation of the Average Weekly Wage, or general information on the program, visit the New York paid family leave website.

Disclaimer: This blog includes general information about legal issues and developments in the law. Such materials are for informational purposes only and may not reflect the most current legal developments. These informational materials are not intended, and must not be taken, as legal advice on any particular set of facts or circumstances. You need to contact a lawyer licensed in your jurisdiction for advice on specific legal issues problems.

Tags: , , , ,
Posted in Blog, Employment Law, Featured, Pre-Employment, Talent Acquisition, Talent Management

Jason Hines

by Jason Hines


Author Bio: Jason Hines is a Paycom compliance attorney. With more than five years’ experience in the legal field, he monitors developments in human resource laws, rules and regulations to ensure any changes are promptly updated in Paycom’s system for our clients. Previously, he was an attorney at the Oklahoma City law firm Elias, Books, Brown & Nelson. Hines earned a bachelor’s degree from the University of Central Oklahoma and his juris doctor degree from the Oklahoma City University School of Law, where he graduated cum laude. A fan of the Oklahoma City Thunder, Hines also enjoys exploring the great outdoors with his wife and daughter.

Pre-Board

5 Ways to Pre-Board Hires and Improve Employee Experience

Share on Facebook Share on Twitter Share on LinkedIn Share on Google Plus Share through email Print it More share options

5 Ways to Pre-Board New Hires and Improve the Employee Experience

In today’s world of instant gratification, today’s workforce expects a good experience fast and are willing to walk if their expectations aren’t met. According to the Harvard Business Review, almost 33 percent of new hires start searching for a different job within the first six months of employment. Tackling that ambivalence early is crucial. One tangible way to ensure your employees feel engaged is through pre-boarding – preparing employees for their first day. There are several reasons employers should care about their new employee’s initial interactions with the organization. Aside from retention, pre-boarding builds confidence and gives new hires a good impression of their workplace.

Pre-boarding isn’t just a feel-good buzz word, either. It’s a win-win for employees and employers. This is especially true when it comes to the universal desire for day-one productivity. The C-suite values new hires who can become contributors faster and millennial employees crave the opportunity to do just that.

So, how do you incorporate pre-boarding into your new hire process? Below are five simple ways to get you started.

1. Hello there

Information is a necessity. Starting a new job is nerve-wracking, which is why a friendly, informational new-hire email is the perfect way to calm jittery nerves and set the stage for success. Not sure what to include? Let new hires know where to park, remind them of the dress code, and (if applicable) inform them about your HR technology and how to log-in. Whatever you decide to include, make sure it’s clear, concise and friendly.

2. Get social!

You already know how crucial a social media presence is for businesses, which is why you likely have incorporated a robust strategy that supports not only business goals, but also highlights your engaging corporate culture. Well, it’s time to show it off to a socially conscious workforce! Included in the welcome email should be your Facebook, Twitter, LinkedIn and Instagram pages, and encourage new employees to explore and engage with their preferred social channels. It may seem like a small gesture, but facilitating a space where new hires have the ability to discover your values, culture and people is actually quite big.

3. A video is worth a thousand words

So you’re pretty proud of your hip office and energized employees? Put them in front of a camera! Videos that highlight your office, people and culture are fantastic ways for new hires to feel welcomed and inspired. Videos also give employees an inside look at the office layout and an understanding of how people interact with each other. Not sure a video will work? Think again. Since one-third of online activity is spent watching videos, it’s actually the perfect way to pre-board a YouTube-loving workforce.

4. A little swag

Everyone loves a good swag bag. If your company is big enough to send a few company-branded products, do it. You’ll be amazed at how far a logo-laden mug or package of pens will go to make new hires feel like a part of the team. Don’t have branded items? A hand-written note from their future manager on company letterhead also will help new hires feel part of something bigger. Go one step further and include a restaurant gift card and a note to take a moment to celebrate their new position with family, your treat.

5. Surveys and Training through LMS

Employees also want a clear picture of expectations and an understanding of how to carry out responsibilities. Training is important to today’s workforce, and no matter the hire’s age, he or she wants to feel informed and prepared.

With an online self-service portal, new hires can begin on-demand training through a learning management system as part of pre-boarding. Courses could include company welcome and meet-the-team videos, the employee handbook and further information about their specific roles. Training done before day one helps new hires acclimate to their jobs quicker and feel accomplished early.

All the time and effort put into your Informative emails, social media efforts, welcome videos, branded coffee mugs, and that first day of on-boarding adds up in both expenses and employee time. Be sure to measure your company’s efforts by surveying new hires 30 days after their start date with a survey tool. By consistently asking “How did we do?” you’ll soon be able to evaluate and improve on your pre- and day of on-boarding process.

Different companies quantify employee experience differently; however, every company can benefit from new employees who feel welcomed and ready to get down to business. And there’s no time like now, to start elevating your employees’ experiences.

Tags: ,
Posted in Blog, Employee Engagement, Featured, HR Management, Learning Management, Talent Acquisition, Talent Management, What Employees Want

Chad Raymond

by Chad Raymond


Author Bio: With over 19 years of experience in employee engagement, benefits administration and government compliance, Chad has unparalleled knowledge in the fields of leadership and human resources. Chad has worked in several different capacities with Paycom including leading our product development team and HCM initiatives as well as the former director of Paycom’s service department. Chad’s vision and execution helped empower executives and their teams to reach their full potential, ultimately leading to his role as Paycom’s vice president of HR.

LMS Content

LMS 101: 4 Tips for Your Own E-Learning

Share on Facebook Share on Twitter Share on LinkedIn Share on Google Plus Share through email Print it More share options

Learning Management Systems 101 is a weekly blog series exploring how employers can rethink traditional employee training and move toward e-learning solutions, which are faster, easier to access, and more cost effective. “4 Tips for Creating Your Own E-Learning” is the sixth post of the series.

LMS 101: 4 Tips for Your Own E-Learning

Today’s workforce is increasingly comprised of people who are paid to think and learn. In order to provide the best new content for your employees, your online learning course needs to be a carefully crafted mix of relevancy and entertainment to ensure employees retain the information. Here are four tips to generating online learning content that can help today’s learners.

On-Demand Webinar: Higher Education, Engaging Employees Through E-Learning

1. The Reason(s) Why

As you build new learning content, ask yourself:

  • What is RED today that needs to be GREEN tomorrow?
    • What report margins am I looking at, and which elements need to increase or decrease?
  • What are the c-suite level stress points, and how can this training course impact those business needs?
  • Who is my audience? All employees or just a select department, possibly a management level or maybe this course is just for clients?
  • What is the deadline for employee implementation of this new knowledge?

These questions are relevant to every business, no matter your industry, and by identifying the reasons why you want to build a new e-learning course, you now have your purpose.

2. The Call to Action

At this point, you know the purpose of the course, so how are you going to grab your audience’s attention? Will this course increase chances of promotion, or maybe provide the audience with tools to close more sales? What is your call to action (CTA), meaning, what is the stimulus to achieve this aim, what is the reason to sit through an online training class?

Factual research is particularly important when crafting your CTA, whether you’re administering training that deals with government regulations, industry guidelines, selling tactics or customer service improvements. Be sure to revisit company policies and procedures – such as those pertaining to employee benefits – to ensure learners receive the most current and relevant information as they set aside this time to learn.

3. Design the Training Experience

The ability to learn fast is a dynamic competitive advantage in business; and a good learning management system (LMS should allow you publish online training materials incorporating different tools, which all need to answer the learner’s unspoken question, “How fast can I see success?

  • Videos
  • Podcasts
  • Webinars
  • Text
  • PDFs
  • PowerPoint presentations

The current generation entering the workforce, the millennials, are tech-dependent and expect to learn on the job, with modern tech, and quickly. Use their expectations to your businesses advantage. By utilizing a mix of media you can increase information retention and engagement, and will help your audience, no matter the generation, to learn fast. So, choose the mediums that best allow you to convey your message, and the motivation behind the learning opportunity.

4. Measure the Outcome

Producing effective e-learning content is meaningless if you can’t report it. If you can’t automatically survey to learn the effectiveness of your new 20-minute course, then what did you really do? A sound LMS should provide metrics by region, manager, percentages and a centralization point to access data that leads to productive reporting of the learning process.

With these online learning tips, you can design meaningful and helpful content to enable your employees to reach their career objectives and your business goals. And, if implemented effectively, e-learning can lead to a happier and more engaged workforce.

To learn more about the evolution of corporate learningemployee training, why tech is crucial to onboarding, how to boost employee engagement and the latest teaching trend in the workplace, be sure to check out our entire LMS 101 series.

 

Tags: , , , , , , , , , ,
Posted in Blog, Featured, HR Management, Learning Management, What Employees Want

Jessica Melo

by Jessica Melo


Author Bio: Melo serves as the Director of Sales Training, she is a graduate of Rutgers University and holds a Managerial Economics professional certificate from Dartmouth University. Passionate about education and business, she oversees new hire & intern development, leadership training and continuous education. Her specialties in corporate education are in designing effective learning strategies including governance, alignment and measurement. Outside of work, Jessica is a strong supporter of wildlife and anti- animal cruelty organizations.

Subscribe to Paycom's blog

You might want to know our privacy policy has changed. View Policy

Okay, Got it!
X

Learn more about Paycom

  • Are you a current Paycom Client?

    Yes

    No

    • Talent Acquisition

    • Time & Labor Management

    • Payroll

    • Talent Management

    • HR Management

  • Subscribe me to Paycom's newsletter.

*Required

We promise never to sell, rent or share your personal information with a third party unless required by law. By submitting this form, you accept our Terms of Use and Privacy Policy.