Heads up: Industry trends show that fraudulent sign-in pages are on the rise—verify email senders, links, and websites before accessing them.
Fraud can occur in many different ways—account takeovers, W-2 phishing, business email compromise schemes, and more.
An account takeover (ATO) is a type of identity theft where a thief uses parts of a victim’s identity, such as an email address, to gain access to the victim’s Gusto account. Once the thief has access to a Gusto account, they can potentially commit financial crime.
As part of our robust security measures, we will send you a "suspicious sign in" email if we detect any unusual sign-in activity so that you can verify your account is safe.
To protect yourself, we recommend creating a new, strong password for your Gusto account every 3 months and enabling two-step verification.
Email [email protected] immediately so our Assurance team can help.
A phishing site, or spoofed site, is a common deception tactic used by bad actors (fraudsters) to steal a real user's login credentials to a legitimate site.
You may land on these malicious sites by clicking links in brand-impersonation emails or by using a third-party search engine (Google, Yahoo, Bing) to look for Gusto's website to log in.
Only sign in to Gusto at app.gusto.com/login.
The IRS anticipates an increase in W-2 phishing emails during tax season. Be on alert for any suspicious emails requesting W-2 information.
Here is a description of the scam from the IRS: “Cybercriminals use various spoofing techniques to disguise an email to make it appear as if it is from an organization executive. The email is sent to an employee in the payroll or human resources departments, requesting a list of all employees and their Forms W-2. This scam is sometimes referred to as business email compromise (BEC) or business email spoofing (BES).”
Gusto will never email you requesting W-2 information.
You can report phishing attempts to the IRS at [email protected]. Use “W2 Scam” in the subject line.
At Gusto, we're always working to keep your company safe from any type of security threat. One kind of security threat, known as a business email compromise, has become an increasingly popular type of fraud in the payments industry.
A business email compromise (BEC) is a fraud scheme in which a fraudster gains access to a business or personal email account and impersonates the owner of the email account to steal money from the company or related individuals.
There are several steps you can take to protect yourself and other employees from a business email compromise (BEC):
We make sure that your Gusto account is as secure as possible, but there are ways that fraudsters can target your company outside of your Gusto account. Below are different ways you could see a business email compromise affect your company:
If anyone in your company believes that they are being targeted in a BEC scam, there are multiple steps you can take to make sure your information is safe.
Reach out to [email protected] for further assistance.
Only ever use one of the two methods below to sign in to Gusto:
Gusto-secured resources
Verify if an email is from Gusto—it'll end in "@gusto.com"
Verify if a website URL is Gusto-secured—it'll end in ".gusto.com/"
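The two checks above, written the way a mail filter or link checker could apply them (an added example, not Gusto's code): both compare the parsed host or address domain rather than searching the raw text, which is what separates a real Gusto link from a lookalike. The HTTPS requirement is an assumption, and the sample links and addresses are constructed.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "gusto.com"  # from the article: "@gusto.com" and ".gusto.com/"


def is_gusto_url(url: str) -> bool:
    """True only if the link's host is gusto.com or a subdomain of it."""
    # Backslashes, spaces and control characters are parsed differently by
    # browsers and libraries, so refuse them outright.
    if any(ch == "\\" or ch.isspace() or ord(ch) < 0x20 for ch in url):
        return False
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return False
    if parts.scheme != "https":  # assumption: sign-in links must be HTTPS
        return False
    # Compare the parsed host, never the raw string: this ignores any
    # "user@" prefix, the port, the path and the query.
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


def is_gusto_sender(from_header: str) -> bool:
    """True only if the address (not the display name) is at gusto.com."""
    _, addr = parseaddr(from_header)
    local, at, domain = addr.rpartition("@")
    return bool(local and at) and domain.lower() == TRUSTED_DOMAIN


if __name__ == "__main__":
    # Constructed samples; the *.example hosts are placeholders.
    for link in ("https://app.gusto.com/login",
                 "https://gusto.com.login.example/",
                 "https://app.gusto.com@login.example/",
                 "https://login.example/app.gusto.com/"):
        print(f"{is_gusto_url(link)!s:5} {link}")
```

A matching From address is a necessary check rather than proof of origin, since the header itself can be forged.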
What to look out for: