This new email fraud can cause you a problem with your payroll account

Cybercriminals do not need particularly clever hoaxes to make quick money from their victims. And these dozens of scams are aimed not just at individuals, but also at businesses and institutions.

In fact, cybercrime against businesses is steadily rising. According to a recent FBI report, losses due to business scams exceeded 12.5 billion dollars in 2018! Clearly, targeting businesses is a very profitable scheme for fraudsters.

Now, it seems that scammers have developed a simple but effective way to collect money from companies that use direct deposit to pay their employees. Below are details about the fraud and some tips on how to protect your organization.

Fraud increases in payroll deposit systems

As with the recent explosion of tax fraud and gift card fraud, hackers are now targeting the human resources departments of various companies, hoping to persuade employees to change payroll bank details to an account under the hackers' control.

In one such case, KVC Health Systems, a Kansas City-based non-profit child care service, receives these kinds of phishing e-mails about two or three times a month, CNBC explains.

Similar to Business Email Compromise (BEC) scams, the false email appears to be sent by HR executives to HR employees. Their request? To change the payroll bank account information that the company uses for direct deposit.

If it is successful, the hacker could leave the company with a loss of a thousand dollars, while its employees will of course not be paid on time.

How this scam works

Despite its potential for big losses, payroll fraud is not a particularly sophisticated attack. Unlike traditional business email compromise fraud, the crooks do not even go through the process of hacking your boss's email account. They simply create false email accounts with free services (such as Gmail or Yahoo, for example) in the name of an employee (usually from HR).

With this method, they hope that the target employee will be careless enough not to notice the full email address, or will read the message on a phone, where only the name of the sender is immediately visible in the From field.

The messages are short and casual, with a slight sense of urgency, asking the employee to quickly change bank information.

Unlike other email scams, these messages are written with few typographical and grammatical errors. Often, they try to prevent the victim from contacting the boss by claiming that he is "in a meeting" or has "limited telephone coverage".

Here are some examples:

"Are you available? There is something you have to do. I'm going to a meeting and I'll have limited access to my phone, so just reply to my email."

"I have to update the information on the direct payment of payroll payments. Can we handle it now? Thanks."

Why do payroll scams spread?

Although simplistic, these scams are spreading because they are easy to create and scale, usually by automated methods. As mentioned earlier, the fraud does not require successfully hacking an employee's email account; all it takes is creating a new account in that employee's name.

Then, because the false emails are short and casual, they usually do not trigger spam and phishing filters. In addition, the request does not raise suspicion, as it does not ask for a cash transfer; it just asks for a bank account number change.

This approach costs nothing to set up, so it can "hit" more companies with fewer resources. The success rate is lower, but the scammers can stay below the radar for much longer.

How to protect your organization from payroll fraud:

So how do we protect ourselves from these growing cyber-scams? Here are a few tips:

Be alert to the e-mail address - Carefully check the sender's email address, especially on messages from executives that request financial transactions. A single missing character in the address could be the difference between security and compromise. And as much as possible, do not use personal email accounts for company messages.

Improve your company's email filters - Ask the IT department to add the keywords used in this attack to your email spam filters.

Watch out for social engineering - Review your social media feeds and avoid publishing vital details about your work that could reveal who your managers and human resources staff are.

Use two-factor authentication - Consider using two-factor authentication for capital transfers and corporate email accounts. Use known phone numbers to verify requests, and avoid sharing these phone numbers over email.
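The signals described under "How this scam works" and the filter-keyword tip above can be combined into a simple mail check. The sketch below is an added example, not code from the original article; the staff directory, the keyword lists and the sample messages are all constructed assumptions to replace with your own.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical directory: display name -> the only address that person mails from.
STAFF = {"dana whitfield": "dana.whitfield@example.com"}
KEYWORDS = re.compile(r"direct (deposit|payment)|payroll|bank (account|information)", re.I)
PRESSURE = re.compile(r"in a meeting|limited (access|telephone|phone)|just reply to my email", re.I)

# Constructed sample messages (not real mail).
SPOOFED = """From: Dana Whitfield <dana.whitfield.hr@gmail.com>
To: payroll@example.com
Subject: Quick request

I have to update the information on the direct payment of payroll payments.
I'll have limited access to my phone, so just reply to my email.
"""
LOOKALIKE = """From: Dana Whitfield <dana.whitfeld@example.com>
Subject: Hello

Are you available?
"""
LEGIT = """From: Dana Whitfield <dana.whitfield@example.com>
Subject: Team lunch

Lunch is moved to Thursday.
"""


def score_message(raw):
    """Return the list of reasons a message resembles the payroll scam."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    reasons = []
    known = STAFF.get(" ".join(name.lower().split()))
    # Core signal: a colleague's display name on an address that is not theirs
    # (a free webmail account, or a one-character-off lookalike).
    if known and addr.lower() != known:
        reasons.append(f"staff display name on unexpected address {addr.lower()}")
    if KEYWORDS.search(text):
        reasons.append("payroll or bank-change wording")
    if PRESSURE.search(text):
        reasons.append("discourages phone verification")
    return reasons


if __name__ == "__main__":
    for label, raw in [("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("legit", LEGIT)]:
        print(label, score_message(raw))
```

A message that trips the display-name check together with either wording check is a good candidate for quarantine or a warning banner rather than silent delivery.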


The author allows you to copy this text only if you cite the source (SecNews.gr) with a web address (live URL) of the article.