2018 kicked off with some of the lowest unemployment rates in years, which is why the need for Staffing and Recruiting agencies has increased.
Due to the high demand for employment, staffing agencies are particularly vulnerable to email based phishing attacks attempting to gain sensitive employee data. A lot of staffing companies are being targeted for confidential information or money transfers and with tax season, these attacks have peaked in the last few months.
Here are the top email “Subject Line” phishing scams:
- Security Alert
- Update on Employee Paperwork
- Change Password
- Urgent Action Required
- Link for you to click
- Wire Money
*These are just a select few examples of email subject lines that scammers have been using.
The call to action here is that scammers are doing just about anything to get your confidential information. Their goal is to get access to your computer to gain more information in order to steal your identity. Companies and employees are especially at risk this time of year with tax season just around the corner. Scammers will act as employees or staff members requesting copies of sensitive data including W2s, social security numbers, bank information, etc.
Lately, scammers are taking it a step further and pretending to act as a Staffing agency. They will post job postings online and ask candidates to fill out all of the onboarding paperwork which includes background checks, social security numbers, bank information and more; all before an interview or initial communication has taken place.
Here are some quick tips to ensure the Staffing company you are working with is legit:
- Research: It is important to research the company you are working with. Make sure they are credible. Look at their website, case studies, team members, etc.
- Company Reviews: A great way to see if a company is legit, is to look at their reviews. Check out their Glassdoor, Yelp, Facebook, etc. These are great platforms to see what other people are saying about the company.
- Give them a call: Pick up the phone and call someone at the staffing firm. Talk to someone and ask them questions about their process, job openings or where to apply to positions. A big red flag is if the ask for personal information early on in the process.
Be diligent with your email and if you have any doubt or suspicion of information, always err on the side of caution.
Ian Wagemann, Founder at Veteran Enhanced Technology Solutions (Veteran ETS), a security and data protection company, states “There are many IT Security Solutions that are available that can help with warding off the intrusions that protecting yourself from these malicious attacks”. When we do a security assessment we utilize tools that will identify these threats and make sure that your firm has a combination of the following
- Intrusion monitoring and detection provides complete visibility over a business network to help you detect and quickly react to unauthorized access.
- Endpoint security is a product-based solution that detects security vulnerabilities directly on mobile or desktop endpoint devices.
- Mobile security offers special tools that protect your network against unauthorized mobile devices, as well as protect your devices form malicious email and web sites.
- Encryption solutions for policy based encryption and email-specific encryption can enable secure private email communications and establishes a secure, private network.
- Secure file sharing connects people, devices and their data in ways that controllable and protected.
- Cloud-based, always-on security that is automatically updated into a single cloud based-solution for endpoint protection, management, mobility and encryption.
- Web security to secure web traffic in the cloud before it even gets to you by filtering malware threats, blocking URLs with inappropriate content, preventing data loss over web protocols and enforcing acceptable use policies.
- Email security utilizing anti-virus, anti-spam, phishing, zero-day exploits and analysis for harmful content in the title, body, image or attachment of an email.
- Gateway security-firewalls that include authentication, intrusion detection and firewalls to provide centralized control and administration for your server environment.
Veteran ETS always recommends company possess a Security Awareness policy. Training your staff is invaluable as hackers develop new techniques to maneuver around your security tools. “First identify the confidential information within your firm and train your staff on who should have access to that data set. If you are asked for that information take the next step and verify who is asking,” says Ian Wagemann