That "Harassment Complaint Update" from the EEOC? Uh-huh.

October 23, 2007 - Just in time for trick-or-treat, scammers are now pretending to be the U.S. Equal Employment Opportunity Commission (EEOC).

The EEOC has alerted the business community and general public to a “phishing” e-mail circulating to companies that purports to be from the federal agency regarding a harassment complaint. The bogus e-mail contains a Trojan horse virus that is likely to harm a recipient’s computer if the user clicks on the referenced web link and/or downloads the attached file.

The phony e-mail to employers, being circulated under the subject “Harassment Complaint Update For,” contains links where the respondent can allegedly access details of a fake discrimination claim. The EEOC has reported the issue to appropriate authorities.

Earlier this year, the federal government’s Thrift Savings Plan was victimized by a security breach from computers that had been infected with installed software (see “Hackers Make Off with $35,000 of TSP Participant Money”). In August, the Internal Revenue Service (IRS) warned taxpayers of a new phishing scam, in which an e-mail purporting to come from the agency advises taxpayers they can receive $80 by filling out an online customer satisfaction survey (see “That E-Mail From the IRS? It Isn’t.”).

How it Really Works

The EEOC’s policy is to notify an employer of the filing of a charge of employment discrimination using the U.S. Postal System. Because of security concerns, the EEOC does not notify employers of the filing of a charge of discrimination via e-mail. Consequently, according to the EEOC, if a company receives an e-mail notification which purports to advise the respondent of the filing of a charge of employment discrimination with the EEOC, the federal agency urges users to delete it immediately.

The contents of the phishing e-mail include an EEOC logo under the subject line and contain purported language from the EEOC under a subject heading, “Employer Liability for Harassment.” Excerpts of the phishing e-mail are highlighted below:

This is an automated email that confirms the registration of harassment complaint #number…this harassment complaint can lead to law enforcement action. You can download and print a copy of this complaint to keep for your personal records here…Our staff will keep you updated regarding the status of our investigation…To check the status of your complaint access: