It starts with an e-mail from upper management asking for employee data or payroll records. Wanting to demonstrate that he’s diligent and responsive, a well-meaning HR or payroll person promptly sends off the requested information. Unfortunately, despite appearances, the e-mail is not from upper management. It’s from a crook trying to run a “phishing” or “spear phishing” scam. So the employee eager to show himself as diligent and responsive ends up looking gullible and a liability to the organization. That’s probably not the impression he was trying to make.

My partner (and our firm’s Chief Privacy Officer) Mark McCreary and our colleague Kevin P. Dermody have written this very informative Alert on the topic. It explains the problem in more detail, gives examples of scams, and discusses what employers can do to protect themselves. If you want to follow the topic more closely, you can also subscribe to our Privacy Compliance & Data Security blog.

Hundreds of employers of all sizes have been victimized by these scams. Don’t let your company be next.