{"id":7487,"date":"2018-09-25T14:39:24","date_gmt":"2018-09-25T18:39:24","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=7487"},"modified":"2019-05-08T12:11:29","modified_gmt":"2019-05-08T16:11:29","slug":"fbi-phishing-direct-deposit","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/fbi-phishing-direct-deposit\/","title":{"rendered":"FBI: New Phishing Scheme Targeting Employees&#8217; Direct Deposits"},"content":{"rendered":"<h2>Social engineering, phishing emails, stolen credentials \u2013 stop me if you\u2019ve heard this one\u2026<\/h2>\n<p>The FBI\u2019s Internet Crime Complaint Center (IC3)<a href=\"https:\/\/www.ic3.gov\/media\/2018\/180918.aspx\"> has issued a warning<\/a> about a phishing scheme that is targeting Americans\u2019 direct deposits. So, if your paycheck gets routed directly to your bank account at the end of each pay period, be on the lookout for any suspicious emails requesting your login credentials.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright size-medium wp-image-7490\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/09\/bigstock-Phishing-Scam-Danger-Sign-81254717-300x300.jpg\" alt=\"FBI: New Phishing Scheme Targeting Employees' Direct Deposits\" width=\"300\" height=\"300\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/09\/bigstock-Phishing-Scam-Danger-Sign-81254717-300x300.jpg 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/09\/bigstock-Phishing-Scam-Danger-Sign-81254717-768x768.jpg 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/09\/bigstock-Phishing-Scam-Danger-Sign-81254717-1024x1024.jpg 1024w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/09\/bigstock-Phishing-Scam-Danger-Sign-81254717.jpg 1600w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/>So far cybercriminals have targeted a number of different industries with this scheme, most prominently 
the <a href=\"https:\/\/www.thesslstore.com\/blog\/healthcare-industry-cybersecurity-2018\/\">healthcare<\/a>, commercial aviation and education sectors.<\/p>\n<blockquote><p>Cybercriminals target employees through phishing emails designed to capture an employee\u2019s login credentials. Once the cybercriminal has obtained an employee\u2019s credentials, the credentials are used to access the employee\u2019s payroll account in order to change their bank account information. Rules are added by the cybercriminal to the employee\u2019s account preventing the employee from receiving alerts regarding direct deposit changes. Direct deposits are then changed and redirected to an account controlled by the cybercriminal, which is often a prepaid card.<\/p><\/blockquote>\n<p>So, what\u2019s going on here and how can you make sure you, your coworkers and\/or your employees don\u2019t fall victim to it?<\/p>\n<p>Let\u2019s hash it out\u2026<span id=\"newline\"><\/span><\/p>\n<h2>Social Engineering and You<\/h2>\n<p>We have come a long way since the days where Nigerian royalty would email you a poorly written plea for interim financial assistance in return for a larger payday down the road. Granted, those do still exist. 
I\u2019m not sure if that\u2019s just a continued shot in the dark or at what rate that scam ever converted, but it must not have been that good because phishing has evolved considerably over the past decade.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-medium wp-image-7491\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/09\/bigstock-Happy-Retro-Guy-Pointing-Over-17343053-240x300.jpg\" alt=\"\" width=\"240\" height=\"300\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/09\/bigstock-Happy-Retro-Guy-Pointing-Over-17343053-240x300.jpg 240w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/09\/bigstock-Happy-Retro-Guy-Pointing-Over-17343053-75x94.jpg 75w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/09\/bigstock-Happy-Retro-Guy-Pointing-Over-17343053-768x960.jpg 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/09\/bigstock-Happy-Retro-Guy-Pointing-Over-17343053-400x500.jpg 400w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/09\/bigstock-Happy-Retro-Guy-Pointing-Over-17343053.jpg 800w\" sizes=\"auto, (max-width: 240px) 100vw, 240px\" \/>Nowadays cybercriminals <a href=\"https:\/\/www.thesslstore.com\/blog\/gone-phishing\/\">leverage social engineering<\/a> to create highly personalized emails that are <a href=\"https:\/\/www.thesslstore.com\/blog\/study-effective-phishing-emails-create-sense-urgency\/\">intended to create a sense of urgency<\/a>. Criminals have been <a href=\"https:\/\/www.thesslstore.com\/blog\/hackers-are-using-linkedin-to-tailor-their-phishing-attacks-just-for-you\/\">known to scour LinkedIn<\/a> and other social networks for information that can be used to make an email seem more convincing. 
This practice has become so refined that <a href=\"https:\/\/www.thesslstore.com\/blog\/1-out-of-every-101-emails-malicious\/\">they\u2019ve even nailed down what words<\/a> most often elicit the desired action.<\/p>\n<p>And they know what they\u2019re doing. They know that <a href=\"https:\/\/www.thesslstore.com\/blog\/report-biggest-cyber-security-threat-employees\/\">a company\u2019s own employees are often its greatest threat<\/a>. They know that <a href=\"https:\/\/www.thesslstore.com\/blog\/report-70-us-employees-lack-strong-knowledge-privacy-security-best-practices\/\">70% of US employees don\u2019t have a clue about cybersecurity best practices<\/a>. They\u2019re sending a high volume of these emails, too. <a href=\"https:\/\/www.thesslstore.com\/blog\/1-out-of-every-101-emails-malicious\/\">1 out of every 101 emails sent is malicious<\/a>. <a href=\"https:\/\/www.thesslstore.com\/blog\/1-out-of-every-101-emails-malicious\/\">The average US employee receives 16 malicious emails per month<\/a>.<\/p>\n<p>The point is this: cybercriminals know how to disguise their attempts to steal your data and defraud you. They have a lot of experience doing this, and the risk to them is low enough that they can be prolific in their attempts, too.<\/p>\n<p><a href=\"https:\/\/www.thesslstore.com\/blog\/comes-phishing-best-defense-education\/\">Without education, most people don\u2019t stand a chance<\/a>.<\/p>\n<h2>How can I prevent being scammed?<\/h2>\n<p>The FBI <a href=\"https:\/\/www.ic3.gov\/media\/2018\/180918.aspx\">has provided nine pieces of advice<\/a> in its warning; we\u2019ll go through those and then supplement with a few of our own.<\/p>\n<ol>\n<li>Inform your employees about this specific situation. 
Use this as an opportunity to remind them about security best practices and also to go over your incident response plans in case someone does fall for it.<\/li>\n<li>Instruct your employees to examine any hyperlinks to ascertain the true URL before clicking on anything. On a desktop mail client this can be done by hovering your mouse over the link; most mobile mail clients don\u2019t reveal the destination on hover, so links opened from a phone deserve extra suspicion.<\/li>\n<li>Instruct your employees never to provide login details or personal information via email.<\/li>\n<li>Direct your employees to forward any suspicious emails to the IT department.<\/li>\n<li>Don\u2019t use the same credentials for payroll activities as you use for other things \u2013 <em>this is basically a variation on don\u2019t reuse passwords<\/em>.<\/li>\n<li>Add an additional layer of scrutiny when an employee attempts to update account information or deposit credentials.<\/li>\n<li>Monitor employee logins; specifically, look for abnormal logins that occur after hours or off-premises.<\/li>\n<li>Implement two-factor authentication for access to sensitive data and systems.<\/li>\n<li>Only let required processes run on systems that handle sensitive information.<\/li>\n<\/ol>\n<p>If you wanted to go a step further, it\u2019s not a bad idea to enact an organizational policy that says there is certain business that will never be handled via email. 
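<\/p>\n<p>To make items 6 and 7 concrete, here is an added example in Python that is not part of the FBI warning or of this post\u2019s original text. It runs a simple detection over a handful of constructed audit log lines, and everything about it is an assumption: the pipe-delimited format, the event names, the office IP ranges and the business hours are stand-ins for whatever your payroll and identity systems actually record. The script flags logins that happen after hours or from outside the office networks, treats every direct deposit change as something to verify with the employee out of band, and escalates when the change was preceded, within a day, by an inbox rule that would hide deposit-change notices or by a suspicious login, which is the exact chain the FBI describes.<\/p>\n

```python
# Added example (not from the FBI warning or this post): flag suspicious logins and
# correlate payroll changes with the alert-suppression trick described above.
# The log format, event names, office networks and business hours are all assumptions.
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed office egress ranges and business hours; adjust to your environment.
OFFICE_NETWORKS = [ip_network('203.0.113.0/24'), ip_network('10.0.0.0/8')]
BUSINESS_HOURS = (7, 19)            # 07:00 to 18:59 local time, Monday to Friday
CORRELATION_WINDOW = timedelta(hours=24)

# Constructed sample audit log (not real data).
# Fields: ISO timestamp | user | event | source IP | detail
SAMPLE_LOG = '''
2018-09-17T09:12:05|jdoe|login|203.0.113.25|ok
2018-09-17T23:41:10|jdoe|login|198.51.100.77|ok
2018-09-17T23:43:02|jdoe|mail_rule_created|198.51.100.77|match=direct deposit;action=delete
2018-09-17T23:47:30|jdoe|direct_deposit_changed|198.51.100.77|account=****4410
2018-09-18T08:05:00|asmith|login|10.20.30.40|ok
2018-09-18T08:20:00|asmith|direct_deposit_changed|10.20.30.40|account=****9921
'''

def parse(text):
    '''Turn the pipe-delimited lines into dicts with a typed timestamp and IP.'''
    events = []
    for line in text.strip().splitlines():
        ts, user, event, ip, detail = line.split('|', 4)
        events.append({'ts': datetime.fromisoformat(ts), 'user': user,
                       'event': event, 'ip': ip_address(ip), 'detail': detail})
    return events

def is_after_hours(ts):
    start, end = BUSINESS_HOURS
    return ts.weekday() >= 5 or not (start <= ts.hour < end)

def is_off_premises(ip):
    return not any(ip in net for net in OFFICE_NETWORKS)

def suppresses_deposit_alerts(detail):
    '''Assumed rule encoding: match=<text>;action=<action>. A rule that deletes or
    files away mail mentioning direct deposit is exactly what hides the change notice.'''
    fields = dict(kv.split('=', 1) for kv in detail.split(';') if '=' in kv)
    return ('direct deposit' in fields.get('match', '').lower()
            and fields.get('action') in ('delete', 'move'))

def login_is_suspicious(e):
    '''Return the list of reasons a login event looks abnormal (empty if it looks fine).'''
    reasons = []
    if is_after_hours(e['ts']):
        reasons.append('after-hours')
    if is_off_premises(e['ip']):
        reasons.append('off-premises')
    return reasons

def analyze(text):
    '''Return (user, timestamp, message) findings in log order.'''
    events = parse(text)
    findings = []
    for e in events:
        if e['event'] == 'login':
            reasons = login_is_suspicious(e)
            if reasons:
                findings.append((e['user'], e['ts'], 'suspicious login: ' + ', '.join(reasons)))
        elif e['event'] == 'direct_deposit_changed':
            # Every deposit change gets a second look; escalate when the same user, within the
            # window, created an alert-suppressing rule or logged in suspiciously.
            prior = [p for p in events
                     if p['user'] == e['user'] and e['ts'] - CORRELATION_WINDOW <= p['ts'] <= e['ts']]
            reasons = []
            if any(p['event'] == 'mail_rule_created' and suppresses_deposit_alerts(p['detail']) for p in prior):
                reasons.append('alert-suppressing mail rule created beforehand')
            if any(p['event'] == 'login' and login_is_suspicious(p) for p in prior):
                reasons.append('preceded by suspicious login')
            if reasons:
                msg = 'HIGH: direct deposit change (' + '; '.join(reasons) + ')'
            else:
                msg = 'REVIEW: direct deposit change (verify with the employee out of band)'
            findings.append((e['user'], e['ts'], msg))
    return findings

if __name__ == '__main__':
    for user, ts, msg in analyze(SAMPLE_LOG):
        print(ts.isoformat(), user, msg)
```

<p>Run it as a script to print the findings for the sample log. On real data, the two escalation conditions are the ones worth alerting on immediately: an employee legitimately changing their own bank details has no reason to first create a rule that deletes the confirmation email.<\/p>\n<p>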
Such a policy could be hard to enforce in larger companies, but if an employee knows that there are no conditions under which the company would ever email them about their direct deposit or an open enrollment period \u2013 or in regard to sensitive topics of that nature \u2013 it\u2019s a lot easier to ferret out a fake.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright size-medium wp-image-7492\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/09\/bigstock-Man-On-The-Phone-Retro-Clipa-17346638-300x240.jpg\" alt=\"FBI: New Phishing Scheme Targeting Employees' Direct Deposits\" width=\"300\" height=\"240\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/09\/bigstock-Man-On-The-Phone-Retro-Clipa-17346638-300x240.jpg 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/09\/bigstock-Man-On-The-Phone-Retro-Clipa-17346638-768x614.jpg 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/09\/bigstock-Man-On-The-Phone-Retro-Clipa-17346638.jpg 1000w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/>Also, and this is the most important point: if there\u2019s ever any doubt about the legitimacy of an email, contact the supposed sender directly through a channel other than email, using a phone number or contact you already have rather than one supplied in the message. Unless you\u2019re just racked by social anxiety, call them. If the email is legitimate they\u2019ll tell you. 
If it\u2019s not \u2013 and they have no idea what you\u2019re talking about \u2013 you\u2019ll know you\u2019re being phished.<\/p>\n<p>Regardless of all that, if you take anything away from this article, hopefully it\u2019s this: if anyone emails you about an issue with your direct deposit contact your payroll department directly and definitely don\u2019t share your login credentials or any personal information.<\/p>\n<p>Otherwise your next check might end up in the pocket of someone halfway around the world.<\/p>\n<p><em>As always, leave your comments and questions below\u2026<\/em><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-7276 size-full\" src=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/08\/bigstock-222348568.jpg\" alt=\"Hashed Out by The SSL Store is the voice of record in the SSL\/TLS industry.\" width=\"1559\" height=\"407\" srcset=\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/08\/bigstock-222348568.jpg 1559w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/08\/bigstock-222348568-300x78.jpg 300w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/08\/bigstock-222348568-768x200.jpg 768w, https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/08\/bigstock-222348568-1024x267.jpg 1024w\" sizes=\"auto, (max-width: 1559px) 100vw, 1559px\" \/><\/p>\n\n","protected":false},"excerpt":{"rendered":"<p>Social engineering, phishing emails, stolen credentials \u2013 stop me if you\u2019ve heard this one\u2026 The FBI\u2019s Internet Crime Complaint Center (IC3) has issued a warning about a phishing scheme 
that&#8230;<\/p>\n","protected":false},"author":6,"featured_media":7489,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[16],"tags":[166],"class_list":["post-7487","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hashing-out-cyber-security","tag-phishing","post-with-tags"],"views":12081,"jetpack_featured_media_url":"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2018\/09\/bigstock-Computer-username-login-and-pa-158701193.jpg","_links":{"self":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/7487","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/comments?post=7487"}],"version-history":[{"count":0,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/posts\/7487\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media\/7489"}],"wp:attachment":[{"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/media?parent=7487"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/categories?post=7487"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thesslstore.com\/blog\/wp-json\/wp\/v2\/tags?post=7487"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}