Employee Payroll Direct Deposits are the new target of a phishing scam

An alarming notice to employers and employees! An aggressive new phishing scam is targeting employers and employees nationwide through their payroll service providers and direct deposits, in an attempt to steal employees’ paychecks. Yes, you read that correctly. These cyber-criminals are going after your employees’ hard-earned income.

It’s a sophisticated scam that starts with the employee receiving an official-looking e-mail which appears to have been sent from within the company or from your payroll service, asking the employee to provide an e-signature or to complete a survey (the ruse varies from scam to scam).

The e-mail then instructs the employee to click on a link, visit a website, and answer a few questions. It then directs the employee to “confirm” his or her identity by entering his or her complete log-in credentials (username and password). Employees who question the request by replying to the e-mail receive a prompt response urging them to complete the steps behind the link. The cyber-criminals then use the stolen log-in credentials to access the payroll portal, change the direct deposit instructions, and reroute the employee’s pay to accounts they control.

These cyber-criminals are sophisticated, have done their homework, and are able to spoof the sender’s address so convincingly that many are falling victim to this scam. In most cases, employers learn of the scam only when employees realize that their direct deposits did not arrive and report it. Unfortunately, by that point the damage is done and recovering the diverted paychecks is all but impossible.
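Because the scam is usually noticed only after pay has already been diverted, the place to catch it earlier is the payroll portal’s own audit trail. The following is an added detection example written for this page, not code from the original advisory or from any payroll provider. It assumes a hypothetical audit-log layout (one record per login or direct-deposit change, with a timestamp, user, source IP and, for changes, the masked destination account) and runs over constructed sample records using the 203.0.113.0/24 and 198.51.100.0/24 documentation address ranges. It flags the two patterns the scam leaves behind: a direct-deposit change made shortly after a login from an IP the employee has never used before, and several employees’ deposits being redirected to the same new account.

```python
"""Added detection example: flag suspicious direct-deposit changes in payroll
portal audit logs. The record format and all sample data are constructed for
this example; map the fields onto whatever your payroll provider exports."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit records (hypothetical format), deliberately out of
# chronological order to show that the analysis sorts them first.
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T08:02:00", "user": "alice", "event": "login", "ip": "203.0.113.10"},
    {"ts": "2024-03-04T09:15:00", "user": "alice", "event": "login", "ip": "203.0.113.10"},
    {"ts": "2024-03-04T09:17:00", "user": "alice", "event": "dd_change", "ip": "203.0.113.10", "account": "****1234"},
    {"ts": "2024-03-05T22:40:00", "user": "bob", "event": "login", "ip": "198.51.100.7"},
    {"ts": "2024-03-05T22:43:00", "user": "bob", "event": "dd_change", "ip": "198.51.100.7", "account": "****9876"},
    {"ts": "2024-03-05T22:50:00", "user": "carol", "event": "login", "ip": "198.51.100.7"},
    {"ts": "2024-03-05T22:52:00", "user": "carol", "event": "dd_change", "ip": "198.51.100.7", "account": "****9876"},
    {"ts": "2024-03-02T10:00:00", "user": "bob", "event": "login", "ip": "203.0.113.44"},
    {"ts": "2024-03-02T10:00:00", "user": "carol", "event": "login", "ip": "203.0.113.45"},
]


def analyze(events, new_ip_window=timedelta(hours=24)):
    """Return {user: [reasons]} for every direct-deposit change that looks
    like the phishing pattern: the change came from an IP first seen within
    `new_ip_window` of the change, and/or the new destination account is
    shared by more than one employee."""
    events = sorted(events, key=lambda e: e["ts"])
    first_seen = {}                   # (user, ip) -> first timestamp that pair appeared
    account_users = defaultdict(set)  # destination account -> employees switched to it
    changes = []                      # (user, ts, ip, account) for each dd_change

    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        # A change from an IP with no earlier login counts as "first seen now".
        first_seen.setdefault((e["user"], e["ip"]), ts)
        if e["event"] == "dd_change":
            changes.append((e["user"], ts, e["ip"], e["account"]))
            account_users[e["account"]].add(e["user"])

    findings = defaultdict(list)
    for user, ts, ip, account in changes:
        if ts - first_seen[(user, ip)] <= new_ip_window:
            findings[user].append("dd_change_from_new_ip")
        if len(account_users[account]) > 1:
            findings[user].append("destination_shared_by_multiple_employees")
    return dict(findings)


if __name__ == "__main__":
    for user, reasons in sorted(analyze(SAMPLE_EVENTS).items()):
        print(f"{user}: {', '.join(reasons)}")
```

On the sample data, alice changed her account from an IP she had used for days and is not flagged; bob and carol both changed their deposits minutes after logging in from a single never-before-seen address and both pointed them at the same account, so each is flagged on both counts. In practice such a finding should trigger an out-of-band confirmation with the employee (a phone call, not a reply to the e-mail) before the next pay run, since the portal itself cannot tell a phished session from a legitimate one.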

In addition to diverting funds, this scam constitutes a data breach for the employer and triggers notification obligations. Failure to take prompt action may result in penalties and liability for unsuspecting employers. Employers may want to take the following precautions immediately to avoid security breaches resulting from these phishing scams:

  • ALERT YOUR EMPLOYEES ASAP about this scam and provide regular security awareness training.
  • Report the scam: Instruct your employees to report any suspicious e-mails or text messages. Whether it’s related to this phishing scam or another, if an e-mail seems suspicious they should report it right away and should not open it or click on any links in it.
    There are free tools available, such as PhishPro Tracker, that take the guesswork out of opening an e-mail. You can report a suspicious e-mail with one click of the PhishPro Tracker button installed on your Outlook ribbon, and trained security analysts will analyze the reported e-mail and determine whether it is a phishing e-mail or not.
    For more information about PhishPro Tracker, contact us at sales@phishpro.com.
  • Implement Multi-Factor Authentication on the payroll portal and on employee e-mail accounts, so that a stolen password alone is not enough to log in and change direct deposit instructions.
  • Educate your employees: Make certain your employees understand why they should never provide log-in credentials or personally identifying information in response to an e-mail. If they are not sure whether an e-mail is from a legitimate source, they should not reply to it; they should report it as suspicious and contact the source directly (your company’s payroll department, their bank, etc.).
  • Use different passwords: Ensure your employees do not reuse the same password across accounts and that they change their passwords regularly. Log-in credentials used for payroll should differ from those used for other purposes, such as employee surveys.
  • Always back up your files: Use an external hard drive or cloud storage to help protect against viruses or a ransomware attack.