Fraudsters are putting a new spin on phishing attacks with a focus on company payroll. This type of attack uses phishing emails to steal credentials (user IDs/passwords) in order to compromise payroll systems, reroute direct deposits to other accounts and wreak havoc on an employer’s network.
It's a sophisticated scam that starts with an official-looking email to employees, asking them to click a link and access a website. This scam is particularly dangerous because the bad guys behind it operate in real time, reinforcing the apparent authenticity of the request by quickly answering questions via email. Below are key elements of this type of scam to share with your employees and help protect your company:
- An employee receives an email that mimics a familiar and trusted company service or resource (e.g., an e-signature request).
- The email instructs the employee to click a link, access a website or answer a few questions.
- The employee is then directed to “confirm” their identity by providing their complete log-in credentials. Skeptical employees who question the request by replying to the original email receive a prompt response (from the bad guys) “verifying” the employee should complete the steps contained in the link.
When sharing these types of schemes with our employees at Old National, we always remind them of the following if they receive an unexpected/suspicious email:
- NEVER PROVIDE user IDs and passwords in response to an email.
- DO NOT CLICK on pop-up ads or links/attachments in a suspicious email.
- SEND the suspicious email directly to our network security department following outlined procedures.
The best way to protect your business from these types of scams is to educate your employees BEFORE they happen. Tell them what they should be looking for and how to report the situation when it happens.
More ways to secure your information
Our online security center provides additional actions you can take to protect your company from financial fraud.
Copyright © 2020 ONB