Cybercriminals Target Online Payroll Accounts
ALERT BLOG! Today’s alert is based around the recent FBI alert informing people of a “Cybercrime using social engineering techniques to steal employee credentials and commit payroll diversion.”
What does this mean? Essentially this is a new type of attack where cyber criminals are targeting employees through their online payroll accounts.
How are they doing this? As many other cyber attacks, this attack is happening through phishing emails. The attackers create a very realistic email that is sent out to employees, tricking them into entering their credentials. Any time an attacker receives an employee’s credentials it is dangerous. But what makes this attack different is that the attackers are using the credentials to login into the payroll account to change the settings and alter the bank account information on file. It has been documented that the cyber criminals change the direct deposit information on the payroll account so that the deposit is submitted to a different account, to which the attacker has access too. Further, the criminals are changing the settings, to eliminate all direct deposit notifications. So employees can go a period of time without being aware of the attack.
What can be done? As always, our greatest suggestion at The IT Company is to inform people about these scams. While there is nothing to fully prevent these dangerous attacks, the awareness of them is preventive in itself. In addition to our suggestion of educating employees, we would also like to share a list of suggestions the FBI has created to protect oneself against this scam.
The IT Company is passionate about keeping people as safe as possible in a cyber world of constant attempts to do the very opposite. Continue checking our blog for updates of current technology news, so that we can assist you in keeping your company, and your employees, safe.