FBI: Phishing Attacks Aim to Swap Payroll Information
Social engineering scams target employees' payroll credentials so attackers can access and change their bank account data.
The FBI's Internet Crime Complaint Center (IC3) reports a wave of social engineering attacks aiming to steal employees' login credentials so they can break into online payroll accounts.
Attackers send their targets phishing emails designed to capture login credentials, the IC3 states. They use these to access employees' payroll, change their bank account data, and add rules so the victim doesn't receive alerts regarding direct deposit changes. From that point, money is redirected to an account controlled by the attacker; usually a prepaid card.
IC3 advises companies to alert employees about the rise of this scheme and educate them on preventative and reactive measures. For example, they should know to hover their cursor over hyperlinks in emails so they can view the URL and ensure it's related to the company from which it claims to be. They should know to never provide login data or personally identifiable information in response to any email.
Payroll login data should differ from credentials used for other purposes, the report continues, and greater scrutiny should be applied to bank information provided by employees who request to update their direct deposit information.
Read more details and guidance here.
Black Hat Europe returns to London Dec. 3-6, 2018, with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024