Get more! Sign up for PLANSPONSOR newsletters.
Compliance October 23, 2007
That "Harassment Complaint Update" from the EEOC? Uh-huh.
October 23, 2007 (PLANSPONSOR.com) - Just in time
for trick-or-treat, scammers are now pretending to be the
U.S. Equal Employment Opportunity Commission
(EEOC).
Reported by Nevin E. Adams
The EEOC has notified the business community and general public to a “phishing” e-mail circulating to companies that purports to be from the federal agency regarding a harassment complaint. The bogus e-mail contains a Trojan Horse Virus that is likely to harm a recipient’s computer if the user clicks on the referenced web link and/or downloads the attached file.
The phony e-mail to employers — being circulated under the subject “Harassment Complaint Update For”– contains links where the respondent can allegedly access details of a fake discrimination claim. The EEOC has reported the issue to appropriate authorities.
Earlier this year, the federal government’s Thrift Savings Plan was victimized by a security breach from computers that had been infected with installed software (see Hackers Make Off with $35,000 of TSP Participant Money ). In August, the Internal Revenue Service (IRS) warned taxpayers of a new phishing scam, in which an e-mail purporting to come from the agency advises taxpayers they can receive $80 by filling out an online customer satisfaction survey (see That E-Mail From the IRS? It Isn’t .).
How it Really Works
The EEOC’s policy is to notify an employer of the filing of a charge of employment discrimination using the U.S. Postal System. Because of security concerns, the EEOC does not notify employers of the filing of a charge of discrimination via e-mail. Consequently, according to the EEOC, if a company receives an e-mail notification which purports to advise the respondent of the filing of a charge of employment discrimination with the EEOC, the federal agency urges users to delete it immediately.
The contents of the phishing e-mail include an EEOC logo under the subject line and contain purported language from the EEOC under a subject heading, “Employer Liability for Harassment.” Excerpts of the phishing e-mail are highlighted below:
This is an automated email that confirms the registration of harassment complaint #number…this harassment complaint can lead to law enforcement action. You can download and print a copy of this complaint to keep for your personal records here…Our staff will keep you updated regarding the status of our investigation…To check the status of your complaint access: