Show Down in Texas Over Sick Leave Looming

After Midnight, On February 16th, the Austin, TX city Council approved an ordinance establishing a paid sick leave requirement.  This requirement applies to all private employers located within the City of Austin.  The Mayor is expected to sign the ordinance.  This will have Austin joining the growing lists of cities and states requiring mandatory sick leave.  But before the City Clerk has even had the chance to verify the approved language and post the finalized ordinance, the state legislature began rumblings that they will take steps to curtail the Austin ordinance in its next session.

The Texas Tribune is reporting that just hours after the bill was passed state Rep. Paul Workman, R-Austin sounded off against the bill, saying the ordinance is “declaring war” on small private businesses.  According to Workman, “It’s not the role of the government to mandate for employers to do this”.   This again is going to come to a show-down between local control of the cities versus control in the state capital.  Something that organizations like the American Legislative Exchange Council (ALEC) have made good use out of to curtail the sick leave movement. We can only stay tuned to see how the show-down plays out in the state legislature.

FBI Warns of Another Phishing Scam Against Employees

The FBI is now warning employers of a possible phishing scam taking place.  This one targets the employees themselves. It focuses on companies that use self-service platforms where employees can view their pay, get duplicates of W-2s and update direct deposit information.  The fraudsters are impersonating the employer’s human resources department and asking employees to update or confirm their personal information via a fake website.  The employee receives a fake email that asks the employee to click on the link provided to log into his self-service account.  The email asks the employee to logon to view a private email from HR, to view changes that have been made to their account, or to confirm that the account is still active.

By clicking on the link and entering their self-service credentials, the employee is actually giving their logon information to the fraudster. The fraudster than can go into the self-service account himself and access all of the information including W-2 and pay stub info.  He can also change the direct deposit information. In order to prevent the victim from from knowing what is going on, the fraudster will also change the email address that the self-service platform uses to send alerts when changes are made.

Payroll and human resources professionals need to be on the lookout for this type of email.  With the new tax bill causing new tax withholding decisions, many employees are making good use of these types of self-service portals.  This will be especially true when the new Form W-4 is issued by the IRS.  Employees will want to make sure they have the proper withholding under the new tax tables.  And it would not be “unusual” for payroll or HR to send out emails during this time-frame.

It is also imperative to practice what the FBI calls “good email hygiene”.  Train your employees to watch for phishing attacks and to also check the actual email address rather than just looking at the display name.  Both these items can be crucial to seeing the attack early, before the damage is done.