FBI: Phishing Attacks Aim to Swap Payroll Information
Social engineering scams target employees' payroll credentials so attackers can access and change their bank account data.
The FBI's Internet Crime Complaint Center (IC3) reports a wave of social engineering attacks aiming to steal employees' login credentials so they can break into online payroll accounts.
Attackers send their targets phishing emails designed to capture login credentials, the IC3 states. They use these to access employees' payroll, change their bank account data, and add rules so the victim doesn't receive alerts regarding direct deposit changes. From that point, money is redirected to an account controlled by the attacker; usually a prepaid card.
IC3 advises companies to alert employees about the rise of this scheme and educate them on preventative and reactive measures. For example, they should know to hover their cursor over hyperlinks in emails so they can view the URL and ensure it's related to the company from which it claims to be. They should know to never provide login data or personally identifiable information in response to any email.
Payroll login data should differ from credentials used for other purposes, the report continues, and greater scrutiny should be applied to bank information provided by employees who request to update their direct deposit information.
Read more details and guidance here.
Black Hat Europe returns to London Dec. 3-6, 2018, with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions, and service providers in the Business Hall. Click for information on the conference and to register.
About the Author
You May Also Like
How to Evaluate Hybrid-Cloud Network Policies and Enhance Security
September 18, 2024DORA and PCI DSS 4.0: Scale Your Mainframe Security Strategy Among Evolving Regulations
September 26, 2024Harnessing the Power of Automation to Boost Enterprise Cybersecurity
October 3, 202410 Emerging Vulnerabilities Every Enterprise Should Know
October 30, 2024
State of AI in Cybersecurity: Beyond the Hype
October 30, 2024[Virtual Event] The Essential Guide to Cloud Management
October 17, 2024Black Hat Europe - December 9-12 - Learn More
December 10, 2024SecTor - Canada's IT Security Conference Oct 22-24 - Learn More
October 22, 2024