As reported on our Global Immigration Blog, the U.S. Citizenship and Immigration Services (USCIS) has issued a notice regarding scam email requests for I-9 information.
According to USCIS, employers have received scam emails that appear to come from USCIS. These scam emails come from a fraudulent email address (firstname.lastname@example.org) and the body of the email may contain USCIS and Office of the Inspector General labels, the employer’s address and a fraudulent download button that links to a non-government web address (uscis-online.org). USCIS is reminding employers that they are not required to submit Forms I-9 to USCIS and USCIS will not request same via email. Rather, employers must simply maintain certain records for employees who are required to complete an I-9. USCIS has instructed employers to not respond to these emails or click the links in them.
USCIS has advised employers who believe they have received a scam email request for Form I-9 information to report it to the Federal Trade Commission. Additionally, employers who are not sure whether a particular email is a scam may forward the suspicious email to the USCIS webmaster and USCIS will review the email and share with law enforcement agencies as appropriate.
Responding to these types of phishing email schemes is one of the most prevalent ways in which an organization may experience a data breach and further highlights the significant risk posed by employee error. Understanding these risks exist and developing a plan to address them is a key component of data breach preparedness.