“But the e-mail said it was from HR …”
Filed under: In this week's e-newsletter, Latest News & Views, Security and law
E-mail scammers have a new tactic for stealing people’s personal info: posing as their employer’s HR manager.
It’s called “spear phishing,” and it’s a new, more targeted version of a phishing scam. In the old version, you get an e-mail that says it’s from a bank, insurance company, etc. – and for some stated reason, they need you to give them your account number and other personal information again.
Scams like that are still causing problems, but they’ve also gotten more complicated. This time around, criminals are targeting specific organizations and claiming to be specific people.
So instead of a mass e-mail sent to thousands of people, employees at a certain company might get an e-mail claiming to be from the HR manager that asks for bank account information to set up direct deposit, or a home address, Social Security number, etc.
How you can help
Huge corporations and government bodies are most at risk, but all employers should be aware of the threat and take preventive action. For security reasons, you probably don’t want to ask for sensitive information via e-mail, and employees should know that you won’t.
Also, most employees should use a refresher on basic e-mail security: Be wary of addresses you don’t already know and trust, be careful with attachments, and always make sure you’re connected to a secure Web site if you do enter personal data. Those tips will cut down on the risk of spear phishing, too.
