A new type of phishing scam targets the HR departments of companies and asks for reroutes on direct deposit accounts, CNBC reported. Once the changes are made, a paycheck will go directly into a criminal’s account.
KVC Health Systems, a child welfare nonprofit based out of Kansas City, has been hit with the scam. The emails look legitimate, and purportedly come from the company’s CEO, CFO or payroll director.
“They might just say, ‘I need to update my direct deposit information,’” Erik Nyberg, director of information technology at KVC, told CNBC. “Or they start with, ‘Hey, do you have a second?’ and if that target person responds, then they go from there.”
The fake emails aren’t easy to spot, for a few reasons: they lack the misspellings that usually give away a phisher’s email, and they’re cordial and short.
The scammer isn’t even targeting the worker directly; the emails are directed to HR, and are seemingly urgent. Once the account is changed, the company is forced to pay for the loss and the employee will have a delayed paycheck.
Last year, the Internal Revenue Service warned that scams like this were on the rise. The fraud is fairly easy to pull off because it sidesteps many of the existing controls built to catch it. Also, the amount of money stolen is relatively small, so companies might just write it off as a cost of doing business.
Adrien Gendre, chief solutions architect with email security company Vade Secure, said the scam has only appeared in the last month.
Most companies “have put processes in place to validate big wire transfers, so now [criminals] want to stay under the radar. It’s a new approach, and every day we have more customers reporting it,” he said.
And because the scammers aren’t asking for money, the scam bypasses not only email controls but warnings to employees as well.
The scammers word their messages to create urgency and to discourage a phone call or follow-up, with lines like “I’m going into a meeting I can’t talk.”
The best way to fight it, Nyberg said, is by training.
“The CEO is never going to email you out of the blue and ask you for any deposit changes. And if you have any sliver of a doubt, call the person who is making the request.”
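A defender-side screen that applies the traits described above (an executive’s display name on mail from outside the company, a request to change direct deposit details, urgency lines that discourage a phone call), as an added example that is not from the article or from KVC or Vade Secure; the corporate domain, the executive roster and the two sample messages are constructed.

```python
"""Heuristic screen for payroll-diversion ("direct deposit change") lures aimed at HR.
Added example; the domain, executive roster and sample messages below are constructed."""
import email
from email import policy
from email.utils import parseaddr

CORP_DOMAIN = "example.com"                        # assumed corporate domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}  # constructed roster of executives
PAYROLL_TERMS = ("direct deposit", "payroll", "bank account", "routing number")
PRESSURE_PHRASES = ("do you have a second", "going into a meeting", "can't talk",
                    "urgent", "asap", "before payroll runs")

def _addr_parts(header):
    """Return (display name, address), both lowercased, for an address header."""
    name, addr = parseaddr(header or "")
    return name.strip().lower(), addr.strip().lower()

def screen_message(raw):
    """Return the list of reasons a message looks like a payroll-diversion lure.
    An empty list means none of the heuristics fired."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    name, addr = _addr_parts(msg["From"])
    sender_domain = addr.rsplit("@", 1)[-1]
    # Executive display name on a message that does not come from the corporate domain
    if name in EXECUTIVES and sender_domain != CORP_DOMAIN:
        reasons.append(f"display name '{name}' but sender domain '{sender_domain}'")
    # Reply-To pointing somewhere other than the sender: replies go to the attacker
    _, reply_to = _addr_parts(msg["Reply-To"])
    if reply_to and reply_to != addr:
        reasons.append(f"reply-to {reply_to} differs from sender {addr}")
    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "").lower()
    if any(t in text for t in PAYROLL_TERMS):
        reasons.append("asks to change payroll/bank details")
    hits = [p for p in PRESSURE_PHRASES if p in text]
    if hits:
        reasons.append("urgency / discourages verification: " + ", ".join(hits))
    # Short, typo-free notes are the norm for this lure, so brevity adds weight
    if len(text.split()) < 60 and reasons:
        reasons.append("short message")
    return reasons

SAMPLE_LURE = """\
From: Jane Doe <jane.doe@gmail-mail.example.net>
Reply-To: Jane Doe <ceo.janedoe@webmail.example.net>
To: hr@example.com
Subject: Quick question

Hey, do you have a second? I need to update my direct deposit information
before payroll runs. I'm going into a meeting and can't talk, just reply here.
"""
```

Running `screen_message(SAMPLE_LURE)` flags the outside domain, the mismatched Reply-To, the direct deposit request, four pressure phrases and the message's brevity; a genuine note from the executive's corporate address with no payroll wording returns an empty list.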