Please be aware of an email phishing scam that has started in the last week.
Companies are experiencing a wave of phishing scams that target employee paychecks. Here is the scenario:
1. An employee receives from a company email account e-mail that mimics a familiar and trusted company service or resource, such as an e-signature request or a request to complete a survey.
2. The e-mail asks the employee to click a link, access a website, or answer a few questions.
3. Then it directs the employee to “confirm” his or her identity by providing his or her complete log-in credentials. Skeptical employees who question the request via reply e-mail receive a prompt response purporting to verify that the employee should complete the steps contained in the link.
4. The threat actors then use the employee’s log-in credentials to access payroll portals, reroute direct deposits to other accounts, and wreak other havoc upon the employer’s network.
In some versions of the scam, hackers access employee e-mails to request a password change from the employer’s payroll service and then use the new log-in credentials to change direct deposit instructions."
Employers may want to immediately take the following precautions to avoid security breaches as a result of these phishing scams:
• Alert your workforce to this scam.
• Direct employees to forward any suspicious requests to the information technology or human resources departments, rather than replying to the e-mail.
• Instruct employees to refrain from supplying log-in credentials or personally identifying information in response to any e-mail.
For more detailed information see this link - https://blog.knowbe4.com/scam-of-the-week-wave-of-payroll-direct-deposit-phishing-attacks