Costly direct deposit theft scams are on the rise
How does it work?
Cyber criminals are after employee paychecks that use direct deposit. Using phishing and other attack types, threat actors trick employees (including HR staff) into typing their usernames and passwords into fake payroll or "company" websites. With those credentials, the criminals change the direct deposit ACH information to a fraudulent account and steal one or more paychecks. Bad actors may also set up hidden email rules that intercept or redirect relevant emails (such as change notifications) that could otherwise reveal the fraud.
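Because the hidden email rules are what keep the victim from noticing the change, auditing mailbox rules is a practical detection step. The script below is an added example, not part of the original advisory: it runs over a constructed list of inbox rules (the record format and field names are assumptions, not any particular mail platform's export) and flags rules that forward or redirect mail outside the assumed company domain, delete messages, hide payroll-related mail in rarely checked folders, or carry a blank name.

```python
"""Flag mailbox inbox rules that fit the payroll-fraud pattern.
Rule records are constructed samples in a simple dict format (field
names are assumptions, not a specific mail platform's export)."""
import re

COMPANY_DOMAIN = "example.com"  # assumed internal mail domain
PAYROLL_WORDS = re.compile(r"payroll|direct deposit|\bach\b|bank|routing", re.I)
# Folders users rarely open; attackers park intercepted mail here.
HIDING_FOLDERS = {"rss feeds", "conversation history", "archive",
                  "junk email", "deleted items"}

def rule_findings(rule):
    """Return the reasons a rule looks suspicious (empty list if none)."""
    reasons = []
    for addr in rule.get("forward_to", []) + rule.get("redirect_to", []):
        if not addr.lower().endswith("@" + COMPANY_DOMAIN):
            reasons.append(f"forwards/redirects to external address {addr}")
    if rule.get("delete_message"):
        reasons.append("deletes matching messages")
    folder = (rule.get("move_to_folder") or "").lower()
    if folder in HIDING_FOLDERS:
        reasons.append(f"moves messages to rarely checked folder '{folder}'")
    conditions = " ".join(rule.get("subject_contains", []) + rule.get("body_contains", []))
    if reasons and PAYROLL_WORDS.search(conditions):
        reasons.append("condition matches payroll/bank keywords")
    if not rule.get("name", "").strip():
        reasons.append("rule has a blank name")
    return reasons

def audit_rules(rules):
    """Map (mailbox, rule name) to findings for every suspicious rule."""
    report = {}
    for rule in rules:
        findings = rule_findings(rule)
        if findings:
            report[(rule["mailbox"], rule.get("name", ""))] = findings
    return report

# Constructed sample: one benign rule and two that match the fraud pattern.
SAMPLE_RULES = [
    {"mailbox": "hr@example.com", "name": "Newsletter",
     "subject_contains": ["digest"], "move_to_folder": "Newsletters"},
    {"mailbox": "hr@example.com", "name": ".",
     "subject_contains": ["direct deposit", "payroll"], "move_to_folder": "RSS Feeds"},
    {"mailbox": "jdoe@example.com", "name": "", "body_contains": ["routing"],
     "forward_to": ["someone@external-example.net"], "delete_message": True},
]

if __name__ == "__main__":
    for key, reasons in audit_rules(SAMPLE_RULES).items():
        print(key, "->", "; ".join(reasons))
```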
How To Protect Yourself
- Use MFA on your work and payroll accounts.
- Use MFA on personal Gmail and/or other accounts that may be used on your banking or payroll accounts.
- Use advanced authentication with three or more factors on all payroll funding bank accounts.
- Use a checks-and-balances process for all ACH changes: one person submits the request, and a second person verifies and approves it through a channel other than email.
- Verify all ACH change requests with the employee directly. It is critical that this happen through a method other than email.
It is critical that everyone be proactive and alert when communicating through email. Be sure the email address is that of the employee and not spoofed. By educating employees on safe email practices, including how to recognize and report suspicious emails, you can help mitigate the threat of payroll fraud.
- Be cautious of requests for bank account changes that originate via email, especially if the email has a vague or urgent subject line.
- Validate bank account changes directly with your employee before entering them. It is critical that validation occurs through a method other than email (e.g. in person, by calling a known contact number, or by instant message).
- If you receive a suspicious email, do not click on any links or open any attachments within the message. Do not reply to the email, and immediately report it to your IT team.
- If you receive a phone call asking for a bank account change, do not give out any information or process any changes until you validate the caller's identity through another method (e.g. in person, by calling a known contact number, or by instant message).
If you are an employee and you receive a notification of a change that you did not authorize, contact your payroll department immediately and notify SWICKtech at (414) 257-9266 or firstname.lastname@example.org.