As I often tell you, scam artists are the only criminals whom we refer to as artists and the latest FBI warning about a increasingly popular scam is another indication of the inventiveness of scammers. The scam is targeting employees of a variety of industries who receive their pay checks through a direct deposit into their personal bank accounts. The scammers are using social engineering and spear phishing emails to lure unwitting employees into providing their employee login credentials which the scammers will then use to access the employee’s payroll account and change the bank account information as to where the employer is to electronically send the employee’s wages. Often the scammer will redirect the payment to a prepaid debit card. The FBI is also reporting that some scammers change the settings on the employee’s account in order to prevent the employee from receiving an alert regarding the change in the direct deposit information. Socially engineered spear phishing emails are emails that have been specifically tailored to lure someone into providing personal information or clicking on links by appearing to be legitimate because they appear to come from a trusted source or relate to something in which the targeted victim is involved or has an interest. The FBI is reporting that this payroll redirect scam is increasingly dramatically this year.
TIPS
Remember my motto, “trust me, you can’t trust anyone.” Never provide your log-in credentials to anyone and never click on links unless you have absolutely verified that the link is legitimate. You should also refrain from providing personal information to anyone in response to an email unless you have verified that the request is legitimate and the information is needed. Employers should educate employees to this scam and should also monitor employees’ log ins that relate to changing direct deposit information with greater scrutiny. They should also require dual factor authentication for changing direct deposit information.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”