More and more employers are being subject to a new form of cyber attacks- spoofing. Spoofing is when a nefarious person tricks or deceives a target into thinking they are someone else. Recently, hackers have been impersonating high level people at companies and requesting, via email, money or personal information about employees. The hacker is able to disguise their email address so that it appears to come from the high level company officer.
Last month, an employee in the Human Resources Department at a large Philadelphia-area health system released personal information of around 11,000 employees to a spoofing scam. The employee received what appeared to be an email from a legitimate source and gave the sender the requested information.
The IRS has issued warnings against spoofing scams. See the IRS tips here.
Employers should alert their employees to these types of scams and remind employees to be vigilant before releasing large amounts of personal information or transferring funds via email requests. A good rule of thumb is to call the sender on the telephone to confirm the request verbally before simply responding to an email. Another helpful tip is to not “reply” to email addresses. Instead, type the email address into the “to” line before sending.
