FBI's Internet Crime Complaint Center Warns That Fraudsters Are Targeting Paychecks via Direct Deposit
Recently, the Oregon FBI's Tech Tuesday segment focused on building a digital defense against payroll phishing scams.
The FBI's Internet Crime Complaint Center has issued a new warning that fraudsters are targeting paychecks through direct deposit. Although this scam can affect any worker, the worst-affected industries have been commercial airway transportation, healthcare and education.
The fraudster uses an employee's work login information to get into the employer's HR system, and then replaces the employee's direct deposit information with their own. It begins when the employee receives an email that so closely resembles a genuine one that it raises no suspicion. The employee clicks on the web address or link contained in the email and is redirected to a fraudulent portal or site, where he/she is asked to enter work credentials to confirm their identity.
The fraudsters then use this login ID and password to change the employee's direct deposit information in the company's files. Often they also change other account settings so that the employee does not receive an email warning about the changes made to his/her account, as posted by fbi.gov on October 16, 2018.
Employees should take the following measures to avoid being scammed. Verify with the employer whether a suspicious email is genuine and valid. Suspicious emails should be sent to the office's IT or HR department to confirm whether they are valid. Also check for poor grammar, misspelled words and odd phrasing, as these may be signs that the email is not genuine and is coming from someone else. If the email contains links to web pages, confirm that the URL in the email is exactly the same as the URL used by the employee's payroll company. Most importantly, don't click on the link in the email if you have any doubt.
Businesses should take a few steps to protect their employees: use two-factor authentication for sensitive systems and information; tell employees about the phishing scam and ways to avoid it; tell employees to use different login credentials for payroll purposes; and create protocols requiring additional scrutiny for banking changes that seem to be coming from employees.
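The "additional scrutiny for banking changes" step can be partly automated. The following is an added example, not code from the FBI advisory or from any HR product: it holds every direct deposit change for confirmation with the employee and raises the priority when the same account's notification settings were changed close in time, the pairing described above. The event fields, action names and the 24-hour window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample audit events; the field names and action labels are
# assumptions for illustration, not any real HR system's log schema.
SAMPLE_EVENTS = [
    {"ts": "2018-10-16T09:02:11", "user": "asmith", "action": "login"},
    {"ts": "2018-10-16T09:03:40", "user": "asmith", "action": "notification_settings_changed"},
    {"ts": "2018-10-16T09:05:02", "user": "asmith", "action": "direct_deposit_changed"},
    {"ts": "2018-10-16T11:30:00", "user": "bjones", "action": "direct_deposit_changed"},
    {"ts": "2018-10-17T08:15:00", "user": "clee", "action": "notification_settings_changed"},
]

WINDOW = timedelta(hours=24)  # assumed correlation window


def review_deposit_changes(events, window=WINDOW):
    """Return one finding per direct-deposit change.

    Every change is held for out-of-band confirmation with the employee;
    a change made close in time to a notification-settings change on the
    same account is marked high priority, since that pairing hides the
    alert the employee would otherwise receive.
    """
    parsed = [dict(e, ts=datetime.fromisoformat(e["ts"])) for e in events]
    alert_changes = {}
    for e in parsed:
        if e["action"] == "notification_settings_changed":
            alert_changes.setdefault(e["user"], []).append(e["ts"])

    findings = []
    for e in sorted(parsed, key=lambda x: x["ts"]):
        if e["action"] != "direct_deposit_changed":
            continue
        paired = any(abs(e["ts"] - t) <= window
                     for t in alert_changes.get(e["user"], []))
        findings.append({
            "user": e["user"],
            "ts": e["ts"].isoformat(),
            "priority": "high" if paired else "normal",
            "hold_for_verification": True,
        })
    return findings


if __name__ == "__main__":
    for finding in review_deposit_changes(SAMPLE_EVENTS):
        print(finding)
```

Findings marked high should be confirmed with the employee through a channel other than the email address on the account, since that is one of the settings the fraudster may have changed.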
» SPAMfighter News - 10/23/2018