Back to Resources
Recently, we had clients receive emails from what appeared to be employees within their businesses. In these emails, the person made a seemingly legitimate payroll request for employee rosters with social security numbers to be emailed to them. These were fraudulent “spoofed” emails from criminals seeking to obtain confidential data.
If you or any of your employees receive an email requesting confidential data from someone in your organization, they should be instructed to immediately follow some simple but critical steps:
- Look closely at the email address of the person in the “From” field. Sometimes, it is the name of someone in your company but is presented slightly differently (i.e., instead of John Q. Doe as it appears when legitimate, the spoofed email address is John Doe).
- Click the “from” email name to get the full email address. This may reveal it is from a non-company domain (for instance, instead of from smith-howard.com it may be from gmail.com).
- Call the person in your office that seems to be making the request. Confirm that they have indeed sent you an email requesting data.
- Show the email to someone in your IT department so that they can confirm if it is legitimate.
Do not respond to any request for confidential data from anyone until you have confirmed personally that it is legitimate.
If you have any questions about this or have experienced a similar situation recently, please contact your insurance carrier and seek their advice.
How can we help?
If you have any questions and would like to connect with a team member please call 404-874-6244 or contact an advisor below.
CONTACT AN ADVISOR
Want to get insights right to your inbox?
Subscribe to our newsletters to get inside access to timely news, trends and insights from Smith + Howard.