There has been an increase in payroll direct deposit fraud in recent weeks. These attacks are simple in nature but can be devastating to your business. There’s no malware or technical exploitation involved here, just straight-up social engineering.
An attacker sends an e-mail message to an organization’s human resources (or payroll) department and spoofs the friendly name in the “From” field to look like it’s coming from one of the organization’s employees. The message asks human resources to reply with the organization’s payroll direct deposit change form. The attacker then completes and submits this form with his or her own routing and account numbers, and thereby steals the employee’s next paycheck.
While these attacks can pose a significant threat to your business, there are simple tactics you can use to prevent them from succeeding. If possible, your organization should require in-person confirmation for any payroll direct deposit changes. If this is not logistically possible, the payroll department should initiate a call to the employee in question using his or her work extension to confirm the request before any changes are made.
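The spoofed friendly name described above can also be flagged automatically before a request reaches payroll. This Python sketch is an added example, not part of the original article; the employee directory, the addresses and the function names are constructed assumptions.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed directory for this example: friendly name -> real work address.
EMPLOYEES = {"jane doe": "jane.doe@example.com"}

def normalize(name: str) -> str:
    """Lower-case, collapse whitespace, and turn 'Doe, Jane' into 'jane doe'."""
    if "," in name:
        last, first = name.split(",", 1)
        name = f"{first} {last}"
    return " ".join(name.lower().split())

def check_sender(raw_message: str) -> str:
    """Compare the From friendly name with the address that actually sent it.

    'spoofed-name': the name is an employee's, the address is not theirs.
    'employee':     name and address both match the directory.
    'unknown':      the name is not in the directory (or From is missing).
    """
    msg = message_from_string(raw_message, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    expected = EMPLOYEES.get(normalize(display))
    if expected is None:
        return "unknown"
    return "employee" if addr.lower() == expected else "spoofed-name"

def sample(from_value: str) -> str:
    """Build a constructed payroll request with the given From header."""
    return (f"From: {from_value}\nTo: payroll@example.com\n"
            "Subject: Direct deposit change form\n\n"
            "Please send me the direct deposit change form.\n")

# Constructed sample messages; the .invalid addresses stand in for an outside sender.
LEGIT = sample("Jane Doe <jane.doe@example.com>")
SPOOFED = sample("Jane Doe <jdoe.personal@mailbox.invalid>")
SPOOFED_LAST_FIRST = sample('"DOE,  Jane" <payroll.update@mailbox.invalid>')
OUTSIDER = sample("Acme Billing <billing@vendor.invalid>")

if __name__ == "__main__":
    for label, raw in [("legit", LEGIT), ("spoofed", SPOOFED),
                       ("spoofed, last-first", SPOOFED_LAST_FIRST),
                       ("outsider", OUTSIDER)]:
        print(f"{label:20} -> {check_sender(raw)}")
```

An `employee` result only means the header is self-consistent, not that the sender is authenticated, so the confirmation step still applies to every change request.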
Attackers are crafty but their techniques aren’t always complicated. Basic confirmation of requests to change payroll direct deposit information can stop this type of attack in its tracks.
To find out how Symplexity can help protect your business, reach out to us at email@example.com or call (260) 432-1364.