Please be aware of an email phishing scam that has started in the last week.
Companies are experiencing a wave of phishing scams that target employee paychecks. Here is the scenario: 1. An employee receives from a company email account e-mail that mimics a familiar and trusted company service or resource, such as an e-signature request or a request to complete a survey. 2. The e-mail asks the employee to click a link, access a website, or answer a few questions. 3. Then it directs the employee to “confirm” his or her identity by providing his or her complete log-in credentials. Skeptical employees who question the request via reply e-mail receive a prompt response purporting to verify that the employee should complete the steps contained in the link. 4. The threat actors then use the employee’s log-in credentials to access payroll portals, reroute direct deposits to other accounts, and wreak other havoc upon the employer’s network. In some versions of the scam, hackers access employee e-mails to request a password change from the employer’s payroll service and then use the new log-in credentials to change direct deposit instructions." Employers may want to immediately take the following precautions to avoid security breaches as a result of these phishing scams: • Alert your workforce to this scam. • Direct employees to forward any suspicious requests to the information technology or human resources departments, rather than replying to the e-mail. • Instruct employees to refrain from supplying log-in credentials or personally identifying information in response to any e-mail. For more detailed information see this link - https://blog.knowbe4.com/scam-of-the-week-wave-of-payroll-direct-deposit-phishing-attacks
0 Comments
Your comment will be posted after it is approved.
Leave a Reply. |
AuthorSr. Consultant - IndyTek Consulting Archives
January 2024
Categories |