The federal Occupational Safety and Health Administration (as distinct from California’s Division of Occupational Safety and Health, commonly referred to as Cal/OSHA , which has jurisdiction over nearly California workplaces, but shares jurisdiction in California over certain maritime employers and federal government installations) has issued a warning about spam emails being received by employers across the United States purporting to warn employers about upcoming OSHA inspections, changed OSHA penalty guidelines and similar warnings, inviting the recipient to click on a link to a “new OSHA regulation.” Be forewarned; if you receive one of these emails, don’t click on the link; it’s an attempt to “phish” you. And of course the fact that because you’re in California you’re most likely covered by Cal/OSHA won’t excuse you from receiving these phishing attempts, and if you’re unsure where OSHA’s jurisdiction ends and Cal/OSHA’s begins, you might be vulnerable.

In a recent LinkedIn posting, the agency says, “We’ve been made aware of phishing attempts impersonating a Department of Labor employee. If you receive (such an) email…it is NOT legitimate. DOL and OSHA do NOT send notifications about upcoming compliance inspections.”

In sum:

• Never click on a link from an unknown sender
• Never click on or download unexpected attachments
• Always verify the sender’s email address; in the case of some of these phishing emails, the sender’s address was “(First Name, Last Name).cr@dol.gov;” U.S. Department of Labor email addresses don’t use any .cr suffix after employee names