Computer security is an unfortunate fact of modern payroll administration—especially right now, when phishers and scammers know you and your staff are busy and distracted. You already know to not respond to email requests from so-called executives who need employees’ W-2 data emailed to them ASAP. This scam seems quaint by today’s standards. New scams, intent on separating employees’ personal identifying information from your server, surface with regularity. You might find what’s new quite alarming.
New malware steals saved passwords
Good computer hygiene says you shouldn’t use the same password for multiple websites. So web browsers first suggest a strong password of random letters, numbers, and symbols and then ask whether you’d like it to remember your password. Don’t click Yes.
New malware, called Redline Stealer, can grab passwords, even from VPNs. We suggest the old-fashioned way of storing passwords: Write it down on paper and lock the paper in your desk.
First phishing, now QRishing
If you’re thinking of using QR codes—those square barcodes that smartphone cameras scan and read to provide quick access to a website—to ramp up security on the website to which you post employees’ W-2s, you might want to think again.
The FBI’s Internet Crime Complaint Center reports cybercriminals are tampering with QR codes to redirect victims to malicious websites engineered to steal login and financial information. Malicious QR codes may also contain…
