This new email fraud can cause you a problem with your payroll account

Cybercriminals do not need particularly clever hoaxes to make quick money from their victims. And these scams, of which there are dozens, target not only individuals but also businesses and institutions.

In fact, cybercrime against businesses is steadily rising. According to a recent FBI report, losses due to business scams exceeded 12.5 billion dollars in 2018! Clearly, targeting businesses is very profitable for fraudsters.

Now, it seems that scammers have developed a simple but effective way to collect money from companies that use direct deposit to pay their employees. Below are details about the fraud and some tips on how to protect your organization.

Fraud increases in payroll deposit systems

As with the recent explosion of tax fraud and gift card fraud, hackers are now targeting the human resources departments of various companies in hopes of persuading employees to change the payroll bank information to an account under the hackers' control.

In one such case, KVC Health Systems, a Kansas City-based non-profit child care service, receives this kind of "phishing" e-mail about two or three times a month, CNBC explains.

Similar to Business Email Compromise (BEC) scams, the fake email appears to have been sent by HR executives to HR employees. The request? Change the payroll bank account information that the company uses to make a direct payment.

If it is successful, the hacker could leave the company with a loss of a thousand dollars, while its employees will of course not be paid on time.

How this scam works

Despite its potential for big losses, payroll fraud is not a particularly sophisticated attack. Unlike traditional business e-mail frauds, the crooks do not even go through the process of hacking your boss's email account. They simply create fake email accounts on free services (such as Gmail or Yahoo) in the name of an employee (usually from HR).

With this method, they hope that the targeted employee will be careless enough not to notice the full email address, or will read the message on a phone where only the sender's name is immediately visible in the From field.

The messages are short and casual, with a slight sense of urgency, asking the employee to quickly change bank information.

Unlike other email scams, these messages are written with few typographical and grammatical errors. Often, they try to prevent the victim from contacting the boss by claiming that he is "in a meeting" or has "limited telephone coverage".

Here are some examples:

"Are you available? There is something you have to do. I'm going to a meeting and I'll have limited access to my phone, so just reply to my email."

"I have to update the information on the direct payment of payroll payments. Can we handle it now? Thanks."

Why do payroll scams spread?

Although simplistic, these scams are spreading because they are easy to create and scale, usually by automated methods. As mentioned earlier, the fraud does not require successfully hacking an employee's email account; all it takes is creating a new account in the employee's name.

Then, because the fake emails are short and casual, they usually do not trigger email spam and phishing filters. In addition, the fraud does not arouse suspicion, as it does not request a cash transfer; it just asks for a bank account number change.

This approach costs nothing to set up, so it can "hit" more companies with fewer resources. The success rate is lower, but the scammers can stay below the radar for much longer.

How to Protect Your Organization From Payroll Fraud:

So how do we protect ourselves from this growing cyber-scam? Here are a few tips:

Be alert to e-mail - Carefully check sender email addresses, especially those of executives who request financial transactions. A single character missing from the address could mean the difference between security and compromise. And as much as possible, do not use personal email for company messages.

Improve your company's email filters - Tell the IT department to include the keywords of this attack in your email spam filters.

Watch out for social engineering scams - Review your company's social media feeds and avoid publishing vital details about your work that could reveal who your management and human resources employees are.

Use two-factor authentication - Consider using two-factor authentication for capital transfers and corporate email accounts. Use known phone numbers to verify requests, and avoid sharing these phone numbers by email.
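
As an added example (not from the original article), the Python sketch below shows why a keyword filter alone is not enough and how it can be combined with the display-name check described above: a known employee's name on an address that is not theirs. The staff directory, domain lists, term lists and message headers are hypothetical and constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Hypothetical directory and term lists; replace with your organization's own.
STAFF = {"dana hughes": "dana.hughes@example.com"}  # display name -> real address
FREE_MAIL = {"gmail.com", "yahoo.com"}
PAYROLL_TERMS = ("payroll", "direct deposit", "direct payment", "bank account")
EVASION_TERMS = ("going to a meeting", "in a meeting", "limited access to my phone")


def assess(raw: str) -> list[str]:
    """Return the reasons a raw message resembles the payroll-change scam."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    name, addr = " ".join(name.lower().split()), addr.lower()
    part = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')} {part.get_content() if part else ''}".lower()
    reasons = []
    # Core signal: a known employee's name on an address that is not theirs.
    if name in STAFF and addr != STAFF[name]:
        reasons.append("display-name-mismatch")
        if addr.rpartition("@")[2] in FREE_MAIL:
            reasons.append("free-webmail-sender")
    if any(term in text for term in PAYROLL_TERMS):
        reasons.append("payroll-change-request")
    if any(term in text for term in EVASION_TERMS):
        reasons.append("discourages-callback")
    return reasons


def should_quarantine(raw: str) -> bool:
    """Hold mail only when impersonation coincides with a content cue."""
    found = set(assess(raw))
    cues = {"payroll-change-request", "discourages-callback"}
    return "display-name-mismatch" in found and bool(found & cues)


# Constructed samples: headers are invented, the scam body quotes the article.
SCAM = (
    "From: Dana Hughes <dana.hughes.hr@gmail.com>\n"
    "Subject: Quick request\n\n"
    "I have to update the information on the direct payment of payroll "
    "payments. Can we handle it now? Thanks.\n"
)
LEGIT = (
    "From: Dana Hughes <dana.hughes@example.com>\n"
    "Subject: Payroll calendar\n\n"
    "The payroll run moves to Thursday this month.\n"
)
```

The legitimate message also mentions payroll, so a keyword-only rule would flag it; requiring the name and address mismatch as well keeps routine HR mail flowing while holding the impersonation attempt.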

The author allows you to copy this text only if you cite the source (SecNews.gr) with the article's web address (live URL).