Protections Against Phishing

This article will cover the basics of phishing and explain Namely's protections against and response to phishing incidents. 

What is phishing?

Phishing is a cybercrime in which a target or targets are contacted by email, telephone or text message by someone posing as a legitimate institution to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords. 

How do I protect myself against phishing?

There are some common hallmarks of phishing scams.  Please be mindful of any communications that present with the following:

  • Too Good To Be True - Eye-catching emails or attention-grabbing statements are designed to grab people’s attention immediately so that scammers can lay their trap. Ignore these emails, and if you think one might be important, pick up the phone and confirm with a human.

  • Sense of Urgency - A favorite tactic amongst cybercriminals is to ask you to act fast because the issue is urgent, such as an issue requiring confirmation via login. Scammers will use this tactic to steal passwords in order to change employee banking information. Remember: Namely will never call you to ask for your password.

  • Hyperlinks - Beware of all links in emails. A link may not be all it appears to be. Bookmark your Namely site and use the bookmark to access it. Hovering over a link shows you the actual URL where you will be directed upon clicking on it. It could be completely different, or it could be a popular website with a misspelling, for instance www.bankofarnerica.com, where the 'm' is actually an 'r' and an 'n', so look carefully.

  • Attachments - If you see an attachment in an email you weren't expecting or that doesn't make sense, just don't open it!

  • Unusual Sender - Namely emails will only come from the namely.com or namelypayroll.com domains. Whether a message appears to be from someone you don't know or someone you do know, if anything seems out of the ordinary, unexpected, out of character or just suspicious in general, don't click on it!

  • Check Public Data Breaches - We recommend urging employees to secure their personal data outside of Namely (i.e. personal email passwords, work email passwords) to ensure the privacy of their information. We advise that clients use HaveIBeenPwned.com, or similar Identity Monitoring services, to see if any of their employees have had their personal information disclosed in a public data breach.
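The Hyperlinks and Unusual Sender checks above can also be automated for reported messages. The following is an added example, not Namely's code: it classifies a link or sender against the two sender domains the article names, and flags misspellings such as the 'rn' for 'm' swap. The function names and the CONFUSABLES table are assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Sender domains the article names; extend with your own organisation's domains.
TRUSTED = frozenset({"namely.com", "namelypayroll.com"})

# Constructed, non-exhaustive table of character runs that imitate another letter.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(name):
    """Fold look-alike character runs so visually similar names compare equal."""
    name = name.lower()
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name


def host_of(value):
    """Return the host from a URL, a From: header value, or a bare host name."""
    if "://" in value:
        host = urlsplit(value).hostname or ""
    elif "@" in value:
        host = parseaddr(value)[1].rpartition("@")[2]
    else:
        host = value
    return host.strip().lower().rstrip(".")


def matches(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def classify(value, trusted=TRUSTED):
    """Classify a link or sender as 'trusted', 'lookalike' or 'unknown'."""
    host = host_of(value)
    if not host:
        return "unknown"
    if any(matches(host, d) for d in trusted):
        return "trusted"
    for d in trusted:
        # Misspelling that differs only by confusable characters (arnerica vs america).
        if matches(skeleton(host), skeleton(d)):
            return "lookalike"
        # Trusted name used as a leading label of some other registered domain.
        if host.startswith(d + ".") or ("." + d + ".") in host:
            return "lookalike"
    return "unknown"
```

A result of 'unknown' only means the host is not on the trusted list and does not resemble it; it still warrants the manual checks listed above.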

How does Namely protect against phishing?

Several inherent elements of the Namely system can help proactively guard against phishing:

  • Single Sign On - Namely offers SSO/SAML login options to make it difficult for scammers to gain access to your Namely site. Clients can pair SSO/SAML with multi-factor or two-factor authentication to make it even harder for scammers.

  • Notifications - Employee bank account change notifications are enabled by default to alert employees via email whenever their direct deposit information has been modified.

  • Login History - The Credential History log records all user logon events including the source IP address. Navigate to your HRIS site > Company > Credential History.

  • Audit Reports - The Audit Reports record recent changes for Access Roles, Permissions, and Fields.

  • Roles and Permissions - Review your organization’s roles and permissions to ensure that sensitive data on employee profiles is only visible to the correct internal partners. This can help limit exposure in the case that a single user account is compromised. 

How do I respond to phishing?

If you have noticed unusual activity in the audit reports, suspect that your site has been accessed by an unauthorized third party, or if an employee received a notification about a banking change they didn't make, engage your IT and Security teams to assess the accounts and machines in question. We recommend you also change passwords for any affected users immediately and review your most recent pay cycle. If it appears there may have been monetary impact, submit a ticket in the Namely Help Community immediately so we can attempt to recover the funds on your behalf. Use the following case selections depending on where the impact is:

  • HRIS > HRIS Settings > Other > Compromised User Account

  • Payroll > Employee Payroll Profiles & Data > Compromised User Account