We all get the emails, notices, and news alerts. Don’t open that attachment. Don’t open that link. Don’t do this, don’t do that. But not until you click that button and feel the overwhelming dread and despair of "what have I done?" do you fully get the picture.
The FBI has put out a warning about an increase in hackers posing as Human Resources employees and sending emails asking workers to update their information and credentials for direct deposit. The hackers send out a fake link that takes you to a work portal that looks similar enough to what you are used to that you log in. Now the hackers have your credentials and use them to get into your payroll account. They add rules to the account so that it does not send you an alert about direct deposit changes, and finally they redirect your direct deposit pay to an account controlled by them, which is usually a prepaid card, and wham… Your pay is gone. If that hasn’t scared you enough to not click a link, let’s keep going.
Not only have you lost your pay, but the criminal now has your personal information. Since July, the FBI has reported 47 cases totaling more than $1 million. Atlanta Public Schools have had major breaches, with scammers taking $56,000 in payroll!
In addition to payroll hacks, there are voicemail hacks. Emails are sent that look like you have a voicemail. That sounds normal, but NOPE! The voicemail will show as an HTML file. This is not a normal file type for voicemails. So why should you care if you click on that link just to listen to a voicemail? Simple: it could be a phishing scam with a malicious attachment that could take over your network. Even the best IT providers cannot prevent all the bad guys from committing their crimes.
So what can you do? Cybersecurity is everyone’s concern, and you can do your part to help protect not only yourself but your organization.
- NEVER give login credentials as a response to an email.
- Don’t open attachments that look unclear or fishy. Not even if it says it is your boss!
- Don’t use the same credentials for your payroll as you do for your network or PayPal account.
- Look for the signs that it is a scam.
- Check the URL. Does it look like the normal URL? Is it secure?

Still not sure? Send it to your IT department. They have the tools to verify whether it is safe or not. The IT department should also have configurations in place, such as two-factor authentication for sensitive systems like payroll, and malware tools. But remember, these hackers are professionals at what they do! You want to make sure there is no doubt that it is a real message, request, link or attachment before opening or clicking. Your IT staff would much rather have you ask them to verify the email is safe than have to deal with a virus in the network, a ransomware incident, or a breach.
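For IT staff who want to automate the "check the URL" step, here is a small added example (not from the FBI warning or any vendor tool) that compares a link against the real payroll portal host. The host `payroll.example.com` and the sample links are constructed placeholders.

```python
from urllib.parse import urlsplit
from difflib import SequenceMatcher

# Assumption: the organization's genuine payroll portal host (placeholder).
KNOWN_PORTALS = {"payroll.example.com"}


def check_link(url, known=KNOWN_PORTALS):
    """Return a list of reasons a link is suspicious; empty means none found."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    if parts.scheme != "https":
        reasons.append("not-https")
    # "https://real-host@other-host/" shows the real name but goes elsewhere.
    if "@" in parts.netloc:
        reasons.append("userinfo-in-url")
    if host not in known:
        reasons.append("host-not-on-allow-list")
        # Punycode labels can render as look-alike Unicode characters.
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("punycode-label")
        for good in known:
            if good in host:
                # Real name used as a prefix of an unrelated domain.
                reasons.append("real-name-embedded:" + good)
            elif SequenceMatcher(None, host, good).ratio() >= 0.85:
                # One or two characters swapped, e.g. "1" for "l".
                reasons.append("lookalike-of:" + good)
    return reasons


if __name__ == "__main__":
    # Constructed sample links, as they might appear in a reported email.
    samples = [
        "https://payroll.example.com/login",
        "http://payroll.example.com/login",
        "https://payrol1.example.com/login",
        "https://payroll.example.com.account-update.test/login",
        "https://payroll.example.com@login.test/",
    ]
    for link in samples:
        print(link, "->", check_link(link) or "no findings")
```

An empty result only means the host and scheme match the allow-list; it does not prove the message itself is genuine.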
Bottom line… which is easier, verifying the email or risking everything due to what looked like a simple click? For more information on securing your organization for the future, call (877) 369-1831 or email us at firstname.lastname@example.org.
Information provided by:
- FBI Public Service Announcement, 9/18/2018
- Newsweek article by David Magee on 9/27/2018, "FBI Warning: Beware of email scam to steal your direct deposit paycheck"
- Action News WPVI-TV Philly, US and World: "FBI warns of hacking scam targeting paychecks, direct deposit"