Seriously? Did I really just give out some personal information to a spammer? In an email, no less! The combined information I gave out could be disastrous.
There I was, hard at work, and then it happened. It was the end of the day, I was tired, the email address appeared to come from a trusted source, and the information sought seemed to be a realistic ask from the presumed client. I pushed "reply" and checked to see that the legitimate email address came up as the recipient, as I always try to. It did, so I then included the information requested, which I should not have over an email. And then, a cold sweat swept over my body. I quickly reviewed my 'sent' email and lo and behold, the recipient email changed from firstname.lastname@example.org to email@example.com. Sure enough, I was had!
I quickly took the emergency actions necessary for my own protection and then contacted the individual that the email was disguised as coming from. Thank GOD nothing was lost on my end, but it could have been very bad.
Ironically, I just gave a training presentation at a conference for human resource professionals on the importance of protecting confidential, private, and personally identifiable information (PII). The title of the presentation was "HR Recordkeeping Part 1: Employee Individual Files - Gotta Love Paperwork". In that training, I share some great information that I gathered from www.eeoc.gov, www.ada.gov, rules.mt.gov, "Understanding HR Recordkeeping" (EffortlessHR.com), "Personally identifiable information guide: a list of PII examples" (matomo.org), and the European Commission (ec.europa.eu/law/law-topic). Well, I just added more 'fodder' to start including in my training content: don't make decisions rashly when fatigued, never share PII over emails or texts, and remember how sneaky these fools are.
I practice what I preach about being uber careful, playing devil's advocate, asking the 'why's' and 'what if's', taking a second look, and pausing before acting on questionable requests. I advocate the best practice of protecting employees' information as if it were your own. Even with my careful habits, this one snuck through. Has this ever happened to you? I urge you to mark your calendar every month as a reminder to review your confidential and private information. Ask yourself if currently shared information is necessary, and what new and improved steps you can take to protect yourself and your assets. I am reviewing the need to publicly display my phone number, mailing address, email, and EIN (a MUST HAVE for any business owner to avoid using your SSN). What else do you suggest is granted upon request only? Leave your ideas in the comments.