Protecting Employee Data from Evolving Email Threats

The Internal Revenue Service, in partnership with the Security Summit, recently issued a warning about the growing threat of phishing scams designed to steal sensitive information. While originally intended for tax professionals, the warning is equally important for HR professionals who regularly access employee Social Security numbers, benefits information, and financial data.

Cybercriminals are increasingly targeting HR and payroll teams due to the sensitive nature of the data they manage. A single click on a suspicious link or attachment can lead to system compromise, data theft, or even ransomware attacks. As open enrollment season and year-end processes approach, the risk only increases.

Email Threats to Watch For

Hackers use several techniques to trick employees into opening dangerous emails. Here are common forms to be aware of:

• Phishing and Smishing: Broad email or text messages urging recipients to click on links or fill out forms with personal information.
• Spear Phishing: Targeted emails that appear personalized and legitimate, often referencing real colleagues or business details.
• Clone Phishing: Copies of previously sent legitimate emails that include malicious attachments or updated links.
• Whaling: Attacks that impersonate senior leaders or executives in an organization, often requesting urgent action or fund transfers.
• New Client or New Hire Scam: Criminals pose as prospective employees or service providers to get HR staff to open attachments or click links.

Red Flags to Watch For

• Unexpected emails from what appear to be trusted sources, especially with new attachments or urgent requests.
• Email addresses or URLs that are slightly off, such as “.com” instead of “.gov.”
• Pressure to act quickly or claims that a password is about to expire.
• Duplicate messages from known senders that include new links or attachments.

Steps HR Professionals Can Take to Stay Secure

The IRS and its Security Summit partners continue to encourage use of the “Security Six” practices, which apply just as effectively in HR and benefits environments:

1. Install and update anti-virus software on all systems that access employee data.
2. Use firewalls to block suspicious or unnecessary internet traffic.
3. Require multi-factor authentication (MFA) for access to HR and payroll systems.
4. Regularly back up important data to an encrypted location or secure cloud storage.
5. Use drive encryption to protect locally stored sensitive information.
6. Connect remotely using a Virtual Private Network (VPN) to maintain secure communication between devices and networks.

What To Do If You Suspect a Breach

If your HR team receives a suspicious email or believes a phishing attack may have compromised data, report the incident internally and follow your organization’s security protocols. If employee tax information was involved, your team may also need to contact relevant tax authorities or your company’s legal counsel.

Cybercriminals continue to adapt. Staying informed and proactive is the best defense. Encourage your HR and payroll teams to take time this summer to review security protocols, complete required training, and be cautious with all emails and attachments.

For more information, visit the IRS’s Protect Your Clients; Protect Yourself campaign.