Businesses and employees that utilize direct deposit services will want to be on alert for a phishing scam that has been spotted by the Federal Bureau of Investigation.
On Feb. 7, 2018, the payroll service company Paylocity issued an alert after an FBI warning of a potential security threat targeting direct deposits received by employees and taxpayers. The scam works when a fraudster impersonates an employer’s human resources department and sends an email to an employee asking them to update their direct deposit information. The link sent in the email is similar to the employer’s self-service portal, making it easy for employees to believe it is a real request. In the past, there have been media reports of public school employees in Colorado, Georgia and Massachusetts who had fallen for the trick, costing the district thousands of dollars.
Fortunately, there are some red flags to watch for should you receive one of these emails.
First, if you do receive an email similar to these and were not notified by your Human Resources department that they were forthcoming, ignore the email and reach out to your supervisor to get confirmation on its validity. Don’t simply delete the email and continue on with your work. Remember, if something seems off, take the time to verify. You should also check to see if the return email address is the same as that of the service provider or department you typically communicate with regarding payroll. If you believe the email is authentic, hover your mouse over any links to see if they are valid before clicking.
If you believe an email is fraudulent, don’t click on any links. Follow your company’s policy on fraudulent or phishing emails, reporting to your cyber security team if you have one.
There are steps employers should be taking to ensure their employees’ information is safe from hackers.
Employers should consider requiring their employees to use two-step verification to access financial and payroll information. They should also set up manager approval procedures for any changes made to employee payroll accounts. Employers should also ensure company computers have the most up-to-date anti-virus, anti-malware and anti-exploit software installed. Require your payroll service to follow the same security procedures. Third-party vendors with inadequate data security are often a hacker’s gateway to company services and sensitive information — like bank accounts and employees’ W-2s.
To get more tips on cybersecurity, visit bbb.org/cybersecurity.
Veronica Craker, email@example.com, is the content and communications director for Better Business Bureau Northwest + Pacific. To check a business or report a scam, go to bbb.org or call 208-342-4649.