
Executives Are More Likely to Be Victims of Phishing Than Workers

Propelex team April 12, 2023 - 7 minutes read

Recent research has found that executives are four times more likely to be victims of phishing attacks than other employees, due to their frequent travel, use of mobile devices and public Wi-Fi, and lax security controls.

Phishing is a type of social engineering used by attackers to access confidential information or install malicious software such as ransomware. Fortunately, phishing can be prevented with the right security measures in place.

Direct Deposit Scams

Signing up for direct deposit allows your employer to use your bank account information to send your paycheck electronically each payday. While this can be beneficial in protecting against theft, it could also turn into a major headache if the money goes missing or gets redirected to another account in someone else’s name.

The Federal Bureau of Investigation is warning businesses and employees about a new scam targeting HR departments and high-value employees: Direct Deposit Diversion Fraud. This version involves sending out “phishing” emails that ask employees for their direct deposit information.

In a phishing scam, cybercriminals send an employee an intimidating email that appears to come from their company or human resources (HR) department, demanding they update their direct deposit information. Once an employee clicks the link in the phishing email, they are taken to a fake site that looks similar to their employer’s payroll self-service portal where the criminal can steal login credentials and redirect funds directly into another account.

To prevent this fraud, the FBI recommends employers implement two-factor authentication for employee payroll accounts and a comprehensive security program that includes employee data training, email scanning, and increased scrutiny of bank information requests from employees seeking to update direct deposit info. It’s especially important to monitor employee logins outside normal business hours and to teach employees to hover over links in emails claiming to be from their company to confirm that they are legitimate.

It’s essential to instill in employees the importance of not sharing personal information, including PINs, Social Security numbers and login credentials, via email or over the phone, where it could be stolen by hackers. The same warning applies to sensitive bank account information, which could be stolen by malicious parties if sent by email or given over the phone.

Denise Groene, Vice President of the BBB Kansas Region, urges employees to be wary of any suspicious phishing emails or calls. When looking at these messages, check the company logo and the display name of the email address. She also suggests adding a delay between when direct deposit information is updated in the self-service portal and when money is actually deposited into the account; this reduces the risk of diversion.
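The two controls above, monitoring off-hours logins and holding direct deposit changes before they take effect, can be combined in one review pass over a payroll portal's audit log. The following is an added example, not code from the FBI, the BBB or any payroll product; the log format, event names, business hours and three-day hold are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample audit log for a hypothetical payroll self-service portal.
# Fields: ISO timestamp, user, event, source IP (documentation address ranges).
SAMPLE_LOG = """\
2023-03-28T09:30:00,bjones,login,203.0.113.22
2023-03-30T09:12:00,asmith,login,203.0.113.10
2023-04-04T10:02:00,bjones,login,203.0.113.22
2023-04-04T10:05:00,bjones,direct_deposit_change,203.0.113.22
2023-04-06T02:41:00,asmith,login,198.51.100.77
2023-04-06T02:44:00,asmith,direct_deposit_change,198.51.100.77
"""

BUSINESS_HOURS = range(7, 19)      # assumed policy: 07:00 to 18:59, Mon-Fri
NEW_IP_WINDOW = timedelta(days=1)  # assumed: address first seen under a day ago
HOLD = timedelta(days=3)           # assumed delay before a change takes effect

def review_changes(log_text):
    """Return one finding per direct deposit change in the log."""
    first_seen = {}   # (user, ip) -> time that address was first used
    findings = []
    for line in log_text.strip().splitlines():
        ts_raw, user, event, ip = line.split(",")
        ts = datetime.fromisoformat(ts_raw)
        first_seen.setdefault((user, ip), ts)
        if event != "direct_deposit_change":
            continue
        reasons = []
        if ts.hour not in BUSINESS_HOURS or ts.weekday() >= 5:
            reasons.append("outside business hours")
        if ts - first_seen[(user, ip)] < NEW_IP_WINDOW:
            reasons.append("new source address")
        findings.append({
            "user": user,
            "reasons": reasons,
            # Flagged changes need out-of-band confirmation before release.
            "needs_verification": bool(reasons),
            "effective": ts + HOLD,
        })
    return findings

if __name__ == "__main__":
    for f in review_changes(SAMPLE_LOG):
        print(f["user"], f["reasons"], f["effective"].date())
```

Every change is held for the same period; the flagged ones are the cases where HR should confirm with the employee through a known phone number before the hold expires.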

Fraudulent Emails from Boss

Executives are four times more vulnerable to phishing attacks than all other employees, according to a new report released by cybersecurity firm Intermedia. In fact, one out of every five executives and IT employees has fallen prey to fraudulent emails, according to Intermedia’s 2017 Data Vulnerability Report.

CEO Fraud Scams

Cybercriminals often impersonate the company CEO or other executive in an email and request employees’ assistance by sending wire transfers, updating account information, or providing account details. While these scams can be hard to trace once sent, any employee who receives them remains at risk.

To prevent CEO fraud, create a written process for handling payments. This keeps everyone alert when something seems off. Train everyone to double-check any request sent by phone or email that they believe is important; these requests often originate from fake sources and can easily go unnoticed.

Scammers may send text messages to an employee asking for money or personal information, such as credit card numbers. They usually use a different name and address, plus they may have the employee’s phone number. It is essential to be alert for these types of requests.

In addition to stealing money, CEO fraud can cause significant harm by invading an employee’s privacy, particularly if they share their personal information with the scammer. Scammers often masterfully impersonate bosses in order to obtain funds and sensitive information while deceiving employees into thinking their request is legitimate.

A sophisticated BEC campaign uses a forwarded email thread that appears to come from a real boss in order to trick victims into sending payment to the scammer’s account. Additionally, the attacker makes the email appear as though it’s part of an ongoing conversation, giving the illusion that they are dealing with someone at the top of their organisation.

This type of attack can be especially hazardous if the victim’s account information has been compromised, since the attacker can now send phishing emails to additional individuals within the company. Scammers then gather more valuable personal data from their initial target, which they then use to identify other potential targets and craft more tailored attacks.

Identity Theft Scams

Identity theft is a criminal act in which thieves use your personal information such as your name, Social Security number (SSN), or other identifying data to take advantage of you financially, ruin your credit rating, or access online accounts. It has become the fastest growing crime in America with tens of millions of victims annually.

Unfortunately, despite the growing number of victims, there are not enough resources to adequately prepare victim service providers to help these people recover from the harm done to their identities and finances. Victims targeted in these crimes often experience trauma similar to that experienced during violent crime–they feel violated and lack direction on how they can receive assistance for resolution.

In addition to financial loss, victims often endure emotional trauma as well. The stress of identity theft can leave one feeling powerless over their life and may lead to anxiety or depression. In extreme cases, they could even lose their employment and have no choice but to live off a fixed income.

Business frauds are unfortunately common and can range from straightforward embezzlement schemes to more sophisticated criminals who will take advantage of your company for financial gain. This may involve using company cash or products for personal expenses like buying new cars or taking vacations.

Stealing business information, such as your company’s sales tax numbers, can also lead to filing fraudulent tax returns and claiming refunds. These scams often cost companies a considerable amount in fines and lawsuits.

One of the most dangerous types of identity theft is synthetic identity theft, which involves creating a false persona by combining data from real people. The victim’s birthdate, address and SSN are combined to form an altered persona that can be used for various forms of financial fraud.

Unfortunately, victims often remain unaware of the fraud until it negatively affects their credit. Signs such as unexpected charges on credit cards, calls from creditors for loans or debts they didn’t take out, and missing or delayed mail can all be indicative.

Spear Phishing

Spear phishing is an email scam that targets high-profile individuals within an organization. It’s more targeted than general phishing and requires extensive research on the part of the attacker to be successful.

Spear phishing occurs when criminals customize their emails to include the victim’s name, title and other personal details. They can also pull information that looks authentic from public records, social media profiles or other sources, giving the target the impression they are dealing with a trusted contact rather than someone trying to steal their identity.

A spear phishing attack typically targets employees in the finance department of a company. It’s an increasingly common way for hackers to gain access to bank accounts and funds belonging to businesses.

Typically, cyber attacks occur during times of corporate crisis for the company. They could be initiated by a corporate merger, major product launch, or any other event that puts the firm’s reputation in jeopardy.

These attacks provide hackers with a convenient means of stealing personal information, such as passwords, bank account numbers and credit card numbers. Furthermore, these attacks allow the perpetrator to install malware onto victims’ devices.

Recent data from Symantec reveals that 65 percent of known groups responsible for targeted cyber attacks use spear phishing emails as their main method. This shows how far the practice has progressed, and attackers will continue to employ new techniques in order to attract victims.

To prevent phishing attacks, be wary of emails that appear unusual or ask you to do something you are not supposed to – such as pay a bill or verify your account. Be cautious and skeptical whenever someone sends you something unfamiliar via email.

Additionally, be wary of email addresses that appear to be the domain of a business you deal with regularly. This is often how scammers obtain your company’s address and contact info.

It’s essential to avoid clicking links in email messages that you are uncertain of. Instead, open your browser and go directly to the company website. You can also hover over a link to see its destination before deciding whether to trust it.
