New Direct Deposit Payroll Scam

July 24, 2017, 1:55 PM

If hackers are nothing else, they are innovative constantly changing ways to gain unauthorized access to accounts and information. In an effort to re-direct an employees direct deposit, hackers are now using phishing techniques to gain access to employee email accounts. Once the hackers have access, they send a password reset request from the employees email to the employers payroll provider. The hackers will change the employees inbox forwarding rules so that all emails from the payroll provider will be sent to the employees junk mail folder. As soon as the email lands in the junk email folder, the hackers will change the direct deposit bank account information and have the employees payroll deposited in their own account. Adding insult to injury, with access to the employees account information with the payroll provider, the hackers can also access the employee's W-2 information and file fraudulent tax returns.

Should the employer re-pay the stolen direct deposit? Thats ultimately up to the employer, but remember that the compromised system was the employers. The employer is responsible for ensuring the security of its system. The compromised individual was the employee who fell victim to the phishing attack as a result of a vulnerability exploited by the hackers. The vulnerability? Some may want to point to the system, but employees are often an employers largest threat when it comes to data breaches. One investment that will go a long way in protecting both the employer and the employee is training. An employer should not only consider formal training with employees, but also more informal reminders, such as through the employers internal newsletter or periodic emails. The more often employers are in front of their employees on the issue of security, the more likely employees are to pay to attention to suspicious emails and requests.

Kaufman & Canoles can help you protect your business before a data related incident occurs. We are available to help you craft policies and plans to manage your risks. In the event of a potential breach, attack or upcoming HIPAA audit, or if you have questions regarding security planning, response or compliance, contact Nicole Harrell, the Chair of our Data Privacy and Security Practice Group. Nicole can be reached by phone at (757) 624-3306 or by email at njharrell@kaufcan.com.