As a new year rolls around, criminals are thinking of more ways to dupe their targets to increase their chances of an illegal payday. Here are two new variations on payroll scams that hackers are using.
A new twist on an old game (CEO fraud)
Usually, a criminal, posing as the boss, sends an email to someone in the financial department instructing that employee to transfer funds from the business account to one under the fraudster’s control. If the employee is intimidated and fails to question the request, the transaction is put through.
New twist: criminals are now breaking into company email accounts and spying on communications, learning about their targets and the vendors that service them. When the time is right, the hacker sends fake invoices from a selected vendor and requests that the company send future payments to a different account controlled by the hacker.
Criminals putting themselves on the payroll
In this scam, a criminal compromises an employee’s email account through methods such as malware-laden spam or spear-phishing. The hacker, posing as the employee, then emails the company’s HR department and requests that the employee’s next paycheck be sent to a different bank account under the fraudster’s control.
Security steps to take now to protect yourself and your business
- Educate employees on email safety and social engineering techniques.
- Let employees know that it is OK to question emailed or texted instructions from management.
- Update internal procedures to require further management review and approval before any funds are transferred from company accounts, even if the request comes from the CEO.
- Make sure everyone uses strong passwords and that each one is unique. Never reuse passwords for multiple accounts or applications.
- Immediately enable two-factor authentication (2FA) on all accounts and apps wherever available.
- Review and strengthen payroll update procedures to verify that all such requests were actually made by the employee.
- Make sure systems are adequately backed up, preferably using a hybrid-cloud business continuity solution, to ensure rapid recovery should your data be compromised or lost.
- Stay abreast of current security trends and avoid becoming a victim.
Criminals are getting more sophisticated. Don’t make it easy for hackers to get their hands on your money. Act now.
XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions, whose systems protect 460+ petabytes of data and which has 1400+ employees and 9 offices around the globe. Call (845) 362-9675 and let us introduce you to the ultimate defense against data loss, whatever the cause.