By Kansas Attorney General Derek Schmidt
Phishing scams are when an identity thief sends you an official-looking email, typically pretending to be your bank, credit card company or another place of business. The scammer tries to get you to share valuable personal information to steal your money or your identity.
Often the email will indicate your password has expired and you need to reply to the email with your old password and new password to reset it. Or the email may contain a link that directs you to a website to change your password. Sometimes the scammers ask you to confirm account numbers or Social Security numbers.
Lately, our office has seen an uptick in a particular version of this scam – employees getting emails purporting to be from their human resources or payroll department asking to confirm or change bank account information for direct deposits. Unfortunately, a number of these have worked.
Like a typical phishing scam, these fraudulent emails will often use “spoofed” names to make the email appear official. Anyone receiving these emails should remember that links in emails cannot always be trusted, even if they appear to be from someone you know at the company. Always confirm with your place of employment by calling or speaking with someone in the appropriate department directly before responding to an email. If you work at a large enough company or government agency and aren’t familiar with anyone in the department be sure to use a phone number that you know to be correct, not the number provided in the email.
To mitigate these risks, human resources or payroll departments should not accept direct deposit authorization forms sent via email. Completed forms should be personally signed by the employee and electronic signatures should not be accepted. While it may seem inconvenient, requiring these authorization forms be filled out in person is the most secure method to ensure your employees’ personal information and financial security are protected.
More information on how to protect yourself from these and other scams is available on our consumer protection website at www.InYourCornerKansas.org or by calling our consumer protection hotline at (800) 432-2310.