Are Your Payroll Officers Aware of This Email Scam?
The Australian Cyber Security Centre (ACSC) warns business owners and employees about cyber criminals who send out fake emails to request a change in employees’ bank details. Some payroll officers in several business organisations in Australia have received a fake email that appears to have come from employees requesting to change their bank account details.
The new payroll fraud tactic involves sending a fake email that looks exactly like an email from the target organisation’s employee. The cybercriminals, pretending to be an employee, copy the email signature blocks of staff and send an email to the human resources or payroll officer to request a change in his or her bank account. If not caught, the cybercriminals receive the poor employee’s pay.
How do these cyber criminals have the guts to imitate an employee? Based on social media updates, they usually target employees who are on holiday. Through posts on Facebook or Twitter and photos on Instagram, employees let fraudsters know that they will be away for an extended period of time.
In ACSC’s warning, the emails from cybercriminals may read:
“I’d like to change my direct deposit info, can it be effective for the current pay date?”
“Kindly find my new direct deposit information. Let me know as soon as this is updated and also kindly confirm the exact amount of any changes for my reference.”
Usually, the emails come with the subject line “Payroll” or “Urgent Payroll Request.”
What Can Happen?
Unaware of this tactic, your payroll officer may change the bank details of an employee who is enjoying a holiday and has no idea that he or she will not receive the next pay. Warn your HR and payroll staff today, and make sure that all changes to bank accounts are requested internally, to keep money from passing into the hands of cybercriminals.
What Can You Do?
If you are a payroll officer, you can help prevent email fraud by taking precautions:
• Do not reply to the email.
• Do not click on any link.
• Do not give any information.
• Look up the employee’s work/office email address and send a separate email to confirm the request.
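The checks above can also be applied automatically to a payroll mailbox. The following is an added example, not part of the ACSC warning or of any product named on this page: it flags messages that use the quoted subject lines or direct-deposit wording, compares the sender's address with the work address on record, and returns the looked-up address to use for confirmation. The staff directory, the names and the example.com.au addresses are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed staff directory: display name -> work address on record.
DIRECTORY = {"Jane Citizen": "jane.citizen@example.com.au"}

# Subject lines and wording quoted in the ACSC warning.
SUBJECT_RE = re.compile(r"^\s*(urgent\s+)?payroll(\s+request)?\s*$", re.I)
BODY_RE = re.compile(r"direct deposit|bank (account )?details", re.I)

def triage(raw: str) -> dict:
    """Classify one raw message arriving at a payroll mailbox."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload() if not msg.is_multipart() else ""
    pay_change = bool(SUBJECT_RE.match(msg.get("Subject", ""))
                      or BODY_RE.search(body))
    on_record = DIRECTORY.get(name.strip())
    # A display name or signature block is easy to copy, so compare the
    # sending address with the one held in the directory.
    mismatch = on_record is not None and addr.lower() != on_record
    return {
        # Every pay-detail change is held, even from a matching address.
        "action": "hold-and-confirm" if pay_change else "deliver",
        "sender_mismatch": mismatch,
        # Confirmation goes to the looked-up address, never as a reply.
        "confirm_with": on_record if pay_change else None,
    }

# Constructed sample messages (not real mail).
SAMPLES = {
    "lookalike": "From: Jane Citizen <jane.citizen@mail.example>\n"
                 "Subject: Urgent Payroll Request\n\n"
                 "I'd like to change my direct deposit info, can it be "
                 "effective for the current pay date?\n",
    "internal": "From: Jane Citizen <jane.citizen@example.com.au>\n"
                "Subject: Payroll\n\n"
                "Kindly find my new direct deposit information.\n",
    "unrelated": "From: Sam Builder <sam@supplier.example>\n"
                 "Subject: Invoice 12\n\nPlease see the attached invoice.\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, triage(raw))
```

A matching address still results in a hold, because the confirmation step described above is what catches a request that only looks like it came from the employee.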
If you are an employee and you received a notification that your bank account details have been changed, contact your payroll officer as soon as possible. Inform the payroll department that you did not authorise such a change in your bank details. When going on an extended vacation, leave your contact details with people at your workplace to help your colleagues distinguish requests from you from those sent by fraudsters.
Keep Your Employees and Business Safe
Aside from warning employees, business owners can add a preventive measure against email scams and email viruses. You can make sure that all of your servers and everything else are protected with Edge Cloud Protection. Regardless of the email client used across your organisation, emails are scrubbed as they come in and land on the server. Contact us for your company's IT security needs.