Cybercriminals are targeting employee payroll and diverting funds, according to the Federal Bureau of Investigation (FBI).
The FBI’s Internet Crime Complaint Center (IC3) has just released an alert about an increasingly effective cyberattack that has hit a variety of organizations in the last couple of weeks.
From education to healthcare to transportation to local government, almost every industry has seen victims of the recent payroll attacks.
The preferred method of distributing this attack is phishing users. This allows criminals to keylog activity on their computers and ultimately capture employee login credentials. Armed with those credentials, the criminals then access the employee’s payroll account (this applies to those of you with online employee portals) and change bank account information, directing hard-earned wages into untraceable offshore accounts.
These cyber-thieves are also adding rules to the employee’s payroll account to ensure that they don’t receive alerts regarding changes to direct deposits.
Next, the criminals change the direct deposits and redirect them to accounts in their control.
The FBI has released a variety of recommendations to help mitigate payroll diversion. Essentially, they amount to a combination of network security provisions (if you are a Dynamic Edge client, rest assured we have already been taking these measures into account for you) and team member education about how to avoid being phished.
If you cannot do anything else, get your staff to inspect links to ensure they are legitimate, to copy and paste links from emails into their browser, and to call the sender to follow up on unexpected attachments.
Phishing attacks that rely on URL clicks succeed because the links they send closely resemble legitimate addresses, but actually lead to malicious sites that copy the appearance of the real site (this is the case for these payroll scams).
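The “inspect the link” advice comes down to one question: does the hostname the browser will actually connect to belong to the company the email claims to be from? The Python below is an added example, not code from the original post or from Dynamic Edge or the FBI. It extracts the real hostname with the standard library and checks it against an assumed company domain (`example-corp.com`); the sample links are constructed to show the common look-alike shapes, including the company name used as a subdomain of a stranger’s domain, a `user@host` prefix, and a digit substituted for a letter.

```python
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Assumption for this example: the company's real domain.
COMPANY_DOMAIN = "example-corp.com"


def link_hostname(url: str) -> Optional[str]:
    """Return the lower-cased hostname a browser would connect to, or None.

    urlsplit().hostname drops any 'user@' prefix and ':port' suffix, which is
    exactly why it is safer than eyeballing the start of the address.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return None  # mailto:, javascript:, or no scheme at all
    return parts.hostname


def link_belongs_to(url: str, company_domain: str = COMPANY_DOMAIN) -> bool:
    """True only if the hostname IS the company domain or a subdomain of it.

    A plain endswith() check would accept 'notexample-corp.com', so the
    leading dot is required for the subdomain case.
    """
    host = link_hostname(url)
    if host is None:
        return False
    company_domain = company_domain.lower().strip(".")
    return host == company_domain or host.endswith("." + company_domain)


# Constructed sample links for the walkthrough (not real phishing URLs).
SAMPLE_LINKS: List[str] = [
    "https://payroll.example-corp.com/login",                 # legitimate subdomain
    "http://EXAMPLE-CORP.COM/payroll",                        # legitimate, odd casing
    "https://example-corp.com.payroll-update.net/login",      # company name as a subdomain of another domain
    "https://example-corp.com@198.51.100.7/login",            # 'user@' trick: real host is the IP
    "https://examp1e-corp.com/login",                         # digit '1' in place of 'l'
    "https://notexample-corp.com/login",                      # shares a suffix, not a subdomain
]


def triage(links: List[str], company_domain: str = COMPANY_DOMAIN) -> List[Tuple[str, Optional[str], bool]]:
    """Return (url, real hostname, belongs_to_company) for each link."""
    return [(u, link_hostname(u), link_belongs_to(u, company_domain)) for u in links]


if __name__ == "__main__":
    for url, host, ok in triage(SAMPLE_LINKS):
        print(f"{'OK   ' if ok else 'FLAG '} {host!s:40} {url}")
```

The check is deliberately strict: anything that is not the company domain or a subdomain of it is flagged, and anything without an `http`/`https` scheme is flagged too, since a link that is not a web address has no business leading to a payroll portal.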
Also, consider restricting Internet access on systems handling sensitive information, and consider adopting two-factor authentication for access to sensitive systems (including payroll systems). This keeps even hackers who have phished your users’ passwords shut out of your team’s payroll accounts.
What can you do? The FBI lists 9 steps you should be thinking about:
- Alert and educate your workforce about this scheme, including preventative strategies and appropriate reactive measures should a breach occur.
- Instruct employees to hover their cursor over hyperlinks included in emails they receive to view the actual URL. Ensure the URL is actually related to or associated with the company it purports to be from.
- Instruct employees to refrain from supplying log-in credentials or personally identifying information in response to any email.
- Direct employees to forward suspicious requests for personal information to the information technology or human resources department.
- Ensure that log-in credentials used for payroll purposes differ from those used for other purposes, such as employee surveys.
- Apply heightened scrutiny to bank information initiated by employees seeking to update or change direct deposit credentials.
- Monitor employee logins that occur outside normal business hours.
- Restrict access to the Internet on systems handling sensitive information or implement two-factor authentication for access to sensitive systems and information.
- Only allow required processes to run on systems handling sensitive information.
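Three of the steps above (heightened scrutiny of direct-deposit changes, monitoring off-hours logins, and the alert-suppression behaviour described earlier) can be turned into a single review rule over the payroll portal’s audit trail. The Python below is an added example, not code from the original post or from Dynamic Edge or the FBI. It assumes the portal exports events with a timestamp, user, and event type (the `login`, `notification_rule_changed` and `direct_deposit_changed` names and the `new_device` flag are assumptions), defines business hours as 07:00 to 19:00 Monday to Friday (an assumption), and flags each bank-detail change for out-of-band verification when it was preceded by an alert-rule change, made from a session that began outside business hours, or made from an unrecognised device. The events are constructed for the walkthrough.

```python
from datetime import datetime, timedelta
from typing import Dict, List

# Assumptions for this example: business hours and how long after an
# alert-rule change a bank-detail change is still treated as linked to it.
BUSINESS_HOURS = (7, 19)          # 07:00 - 19:00, Monday to Friday
RULE_WINDOW = timedelta(hours=48)

# Constructed sample audit events (not real portal data). Dates fall in
# September 2018: the 10th is a Monday, the 11th a Tuesday, the 12th a Wednesday.
SAMPLE_EVENTS: List[Dict] = [
    {"ts": "2018-09-10T09:12:00", "user": "alice", "event": "login", "new_device": False},
    {"ts": "2018-09-10T09:20:00", "user": "alice", "event": "direct_deposit_changed"},
    {"ts": "2018-09-11T02:41:00", "user": "bob",   "event": "login", "new_device": True},
    {"ts": "2018-09-11T02:43:00", "user": "bob",   "event": "notification_rule_changed"},
    {"ts": "2018-09-11T02:45:00", "user": "bob",   "event": "direct_deposit_changed"},
    {"ts": "2018-09-12T14:05:00", "user": "carol", "event": "login", "new_device": True},
    {"ts": "2018-09-12T14:30:00", "user": "carol", "event": "direct_deposit_changed"},
]


def event_time(ev: Dict) -> datetime:
    return datetime.fromisoformat(ev["ts"])


def outside_business_hours(ts: datetime) -> bool:
    """Weekend, or a weekday hour outside the configured window."""
    start, end = BUSINESS_HOURS
    return ts.weekday() >= 5 or not (start <= ts.hour < end)


def score_direct_deposit_changes(events: List[Dict]) -> List[Dict]:
    """Walk the audit trail in time order and assess every bank-detail change.

    Each finding carries the reasons it was flagged; 'hold' is True when at
    least one reason applies, meaning the change should be verified with the
    employee by phone or in person before the next payroll run.
    """
    last_login: Dict[str, Dict] = {}        # user -> most recent login event
    last_rule_change: Dict[str, datetime] = {}  # user -> time of last alert-rule change
    findings: List[Dict] = []

    for ev in sorted(events, key=event_time):
        ts, user, kind = event_time(ev), ev["user"], ev["event"]
        if kind == "login":
            last_login[user] = ev
        elif kind == "notification_rule_changed":
            last_rule_change[user] = ts
        elif kind == "direct_deposit_changed":
            reasons: List[str] = []
            login = last_login.get(user)
            if user in last_rule_change and ts - last_rule_change[user] <= RULE_WINDOW:
                reasons.append("alert rule changed shortly before bank change")
            if login is None:
                reasons.append("no login recorded before change")
            else:
                if outside_business_hours(event_time(login)):
                    reasons.append("session began outside business hours")
                if login.get("new_device"):
                    reasons.append("session from unrecognised device")
            findings.append({"user": user, "ts": ev["ts"], "reasons": reasons, "hold": bool(reasons)})
    return findings


def changes_to_hold(events: List[Dict]) -> List[str]:
    """Users whose direct-deposit change should be held for verification."""
    return [f["user"] for f in score_direct_deposit_changes(events) if f["hold"]]


if __name__ == "__main__":
    for f in score_direct_deposit_changes(SAMPLE_EVENTS):
        status = "HOLD   " if f["hold"] else "release"
        print(f"{status} {f['user']:6} {f['ts']}  {'; '.join(f['reasons']) or 'no indicators'}")
```

On the sample data, alice’s change is released (business hours, known device, no rule change), bob’s is held on all three indicators, and carol’s is held only because the session came from a new device. The rule errs toward holding: a false positive costs one phone call to the employee, while a missed diversion costs a pay cheque.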
Still worried you’re not doing your due diligence to keep your team safe from cyberattacks and breaches? Contact us for a free security assessment.