Focuses on issues of importance to payroll professionals across Canada. It contains news, case studies, profiles and tracks payroll-related legislation to help employers comply with all the rules and regulations governing their organizations.
Issue link: https://digital.hrreporter.com/i/791124
3 Canadian HR Reporter, a Thomson Reuters business 2017 Don't be fooled by fake emails Payroll departments must stay vigilant to avoid being taken in by online scams asking them to disclose confidential information BY SHEILA BRAWN A RECENT United States Inter- nal Revenue Service (IRS) alert about an email scam targeting payroll and human resources de- partments is a reminder of how important it is for employers to implement and follow good cy- ber-safety practices. In late January, the IRS warned employers to be aware of what it called a "phishing" email scam circulating across the United States. Phishing emails pretend to be from a legitimate organiza- tion or person seeking financial and/or identity information. In the scam the IRS warned about, the emails use a corporate officer's name to trick payroll and HR workers into disclosing employee names, social security numbers and income informa- tion. "The thieves then attempt to file fraudulent tax returns for tax refunds," said the IRS in a news release. This type of email scam can trick recipients because the message may contain the actual name of the company's chief ex- ecutive officer. The IRS warned that phish- ing emails may include phrases such as, "Kindly send me the individual 2016 W-2 (PDF) and earnings summary of all W-2s of our company staff for a quick review," or "Can you send me the updated list of employees with full details (name, social security number, date of birth, home ad- dress, salary)?" (W-2s are similar to T4s.) A spokesperson for the Cana- da Revenue Agency (CRA) said the agency was not aware of a similar email scam in Canada; however, the CRA advises em- ployers to take precautions to protect their employees' person- al information. This is essential for payroll departments, which track and store employee earnings, deduc- tions, pension plan information, social insurance numbers and home addresses, among other sensitive information. On its website, the CRA cau- tions businesses to be aware of phony emails with attachments or links that purport to come from the agency. It says they may be detailed enough to look legitimate and may even include a CRA logo. Sample fake messages on the agency's website show that e- mails pretending to be from the CRA may warn that a criminal complaint has been filed against a specific individual or compa- ny for tax evasion. The message often includes a link to what it says is the text of the complaint. The fake emails may even con- tain references and links to CRA policy. On its website, the agency provides examples such as, "For more information, please check our business information sec- tion, 2nd paragraph, 'Autho- rizing a representative': (web link)." They may also provide a telephone number and email ad- dress to contact for more infor- mation. The CRA advises individuals who have provided information or money to scammers to con- tact the Canadian Anti-Fraud Centre, the police and their fi- nancial institution. Cyber theft is a growing prob- lem that companies must take seriously, says cybersecurity firm Panda Security. "The number of attacks di- rected at corporations will in- crease, as these attacks become more and more advanced. Com- panies are already the prime tar- get of cybercriminals, as their in- formation is more valuable than that of private users," the compa- ny said in a recent news release. A 2016 survey by professional services firm PWC Canada on global economic crime found that 28 per cent of Canadian or- ganizations reported experienc- ing cybercrime over a 24-month period, up from 24 per cent in 2014. The report said cyber- crime is the second most preva- lent type of economic crime against businesses. While the survey did not say how big a role email scams play in cybercrime, a 2016 report on fraud from the Canadian Fed- eration of Independent Busi- ness stated that, "By far the most common attempted fraud on small businesses are email scams and phishing." The report found that 72 per cent of small business owners said they had experienced an email scam or phishing attempt directed at their business in the last year. Twenty per cent said they lost money, goods, ser- vices or valuable information through it. While all businesses are po- tential targets, smaller firms may not have the IT expertise to help guard against cyber-security threats. To help small and medium- size businesses, the federal gov- ernment has produced a guide called Getcybersafe: Protect while You Connect. It is on the government's website at getcy- bersafe.gc.ca. It provides advice on a number of cybersecurity issues, includ- ing those affecting the internet, email, mobile devices, remote access, point-of-sale, and data security. Although the guide focuses on News CPR | March 2017 see ABOUT page 8 Credit: deepadesigns/Shutterstock