Resources

[FBI ALERT]: “Cybercrime Uses Social Engineering Techniques to Steal Employee Credentials and Commit Payroll Diversion.” 

I have some excellent ammo for you which very clearly shows the urgent need for security awareness training. I suggest you send this FBI PSA link below to your InfoSec budget holders.

The FBI warned September 18, 2018 about new criminal campaigns that target the online payroll accounts of employees in a variety of industries.

METHODOLOGIES

“Cybercriminals target employees through phishing emails designed to capture an employee’s login credentials. Once the cybercriminal has obtained an employee’s credentials, the credentials are used to access the employee’s payroll account in order to change their bank account information.

Rules are added by the cybercriminal to the employee’s account preventing the employee from receiving alerts regarding direct deposit changes. Direct deposits are then changed and redirected to an account controlled by the cybercriminal, which is often a prepaid card.

RECOMMENDATIONS

The FBI has 9 suggested mitigations for scams like this, starting with: 

1. Alert and educate your workforce about this scheme, including preventative strategies and appropriate reactive measures should a breach occur.

2. Instruct employees to hover their cursor over hyperlinks included in emails they receive to view the actual URL. Ensure the URL is actually related to or associated with the company it purports to be from.

We could not agree more! Read the other 7 mitigation recommendations at the FBI’s IC3 site and remember to send this link to your budget holders:

https://www.ic3.gov/media/2018/180918.aspx

From CyberheistNews