FMLA Articles

Beware FMLA/FFCRA cyberattacks


Key to remember: Cybercriminals are using the COVID-19 pandemic-related changes to the FMLA/FFCRA to trick employees.

Applies to: Employers, particularly those who are covered by the FMLA and/or FFCRA.

Impact to customers: Employers may want to warn their employees of the spam attempts to help avoid system disruption.

Possible impact to JJK products/services: This information will be in the Leave Manager news feed.

As if complying with the federal Family and Medical Leave Act (FMLA) and the employee leave provisions of the Families First Coronavirus Response Act (FFCRA) weren’t challenging enough, employers also need to consider another aspect of the situation — cyberattacks in the form of emails or messages that appear to be from the U.S. Department of Labor.

Employees may receive this type of electronic correspondence referencing the pandemic-related changes to the FMLA — particularly the FFCRA. The message, however, has some obvious misstatements, such as referring to the FFCRA as the Coronavirus (COVID-19) Act, and that the Act became effective April 29, 2020. If read carefully, it’s obviously a ruse, but employees might not take the time to read the message carefully.

In at least one scam, an email instructs recipients to open an attachment to see the changes to the FMLA and an employee request form. Using these attachments, employees may “demand paid leave” under the law by completing the form and sending it off to their HR department.

If employees click on the attachment, the attackers can gain control of the device being used and perhaps launch ransomware.

Spam purporting to come from a government entity is not new, and cybercriminals often take advantage of recent events. The attacks are not limited to the federal government but may also appear to come from a state agency, such as a state labor department or unemployment office. In some cases, spam emails may appear to be from the company’s HR department.

All employees should be trained to spot real or potential threats, to avoid opening attachments or clicking links from unexpected emails or emails from unusual sources — even if the emails appear to be from someone employees recognize. Employees should have a reasonable level of suspicion of messages that have random links and/or attachments.

Employees should know to hover over any suspicious links to help identify the source. The best bet is to directly contact the entity who supposedly sent the email and ensure that it was legitimate. If an email asks employees to log into an account or service, they should log into their account directly through a browser instead of clicking a link or attachment in an email.

Attacks are not restricted to emails. They may come in the form of text messages or other messaging service. Phishing and smishing are the leading cause of breaches. Phishing is the practice of sending emails that appear to be from a reputable source in order to induce recipients to reveal personal information or to gain access to a system. Smishing is a phishing attack using messaging instead of email. Ransomware is an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them.

These attacks are to be taken seriously. According to the FBI’s Internet Crime Complaint Center, people lost $57 million to phishing schemes in 2019.

This article was written by Darlene M. Clabault, SHRM-CP, PHR, CLMS, of J. J. Keller & Associates, Inc. The content of these news items, in whole or in part, MAY NOT be copied into any other uses without consulting the originator of the content.


The J. J. Keller LEAVE MANAGER service is your business resource for tracking employee leave and ensuring compliance with the latest Federal and State FMLA and leave requirements.