Here’s what happens: the bad guy uses your work login info to get into your employer’s HR system to replace your direct deposit information with his own.
It starts when an employee receives an email that looks just familiar enough that he doesn’t question it too much. The email includes a link or web address that the user clicks on. Once he clicks, he will be directed to a fraudulent site or portal where the victim will be asked to enter his work credentials to confirm his identity. The bad guys use that login ID and password to change the employee’s direct deposit information in the company’s files. Often, the fraudsters even change other account settings in the system, preventing the victim from receiving an email warning that changes have been made to his account.
Here’s how employees can avoid being scammed:
- Make sure you verify with your employer that a suspicious email is valid. Send it to your office’s HR or IT departments for confirmation.
- Keep an eye out for any misspelled words, odd phrasing, and poor grammar. These could be indications that the email is coming from elsewhere in the world.
- If the email includes any links to web pages, hover your mouse over the link and confirm that the URL is exactly the same as that used by the payroll company. Don’t click if you are not 100% sure.
Here are some steps that businesses can take to protect their employees:
- Teach your employees what a phishing scam is and how to avoid it.
- Require that login credentials used for payroll purposes differ from those used for other purposes, such as employee surveys.
- Use two-factor authentication on sensitive systems and information.
- Create protocols that require additional scrutiny to banking changes that appear to be requested by employees.
In the end, a little extra hassle in the short term may prevent a big headache in the long run. As always, if you have been victimized by a cyber fraud, be sure to report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your local FBI office.