Devious hackers have come up with a fresh, insidious scam to target your hard-earned salary! By manipulating corporate HR and finance departments, they reroute your salary deposits to their own accounts. Read on to understand this devious ploy and how to guard against it.
Updated Jun 26, 2023 | 12:19 PM IST
Direct Deposit Change: Not After Your Job – Just Your Salary!
- Hackers are manipulating HR and finance departments to reroute salary deposits into their own accounts.
- They hijack email accounts and use them to request direct deposit changes, often going undetected until the employee realizes their salary hasn’t been deposited.
- Companies and individuals can fight back with vigilant monitoring, process tightening, and multi-factor authentication.
The Devil is in the Details: Direct Deposit Change
How They Pull Off the Heist: Stages of the Attack
The first stage of this cruel con begins even before you sense trouble. Hackers cleverly gain access to email accounts through various methods. They can exploit large data leaks from sites like Yahoo and LinkedIn, or use personal information to request password changes.
Once the email is compromised, the real fun begins for the hacker. Masquerading as the unsuspecting employee, they email HR to change the bank for salary deposits. By the time the real employee realizes their salary hasn’t been deposited, the scammer is laughing all the way to the bank!
Guarding the Gates: Spotting the Warning Signs
Fear not! Your company’s IT department can spot signs that an account has been compromised. Watch out for a surge in failed logins, deviations from user behavior patterns, and unusual configurations. A vigilant eye can thwart this cyber heist!
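As an added illustration of the first two warning signs (not code from the original article), the Python below scans constructed sign-in events for a burst of failed logins and for a successful login from a source the user has not used before. The event format, the thresholds, the flag names and the `needs_out_of_band_check` policy are assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sign-in events: (timestamp, user, source IP, outcome).
EVENTS = [
    ("2023-06-20T09:01:00", "asha", "10.0.4.17", "success"),
    ("2023-06-21T09:03:00", "asha", "10.0.4.17", "success"),
    ("2023-06-22T02:10:00", "asha", "203.0.113.50", "failure"),
    ("2023-06-22T02:10:20", "asha", "203.0.113.50", "failure"),
    ("2023-06-22T02:10:45", "asha", "203.0.113.50", "failure"),
    ("2023-06-22T02:11:05", "asha", "203.0.113.50", "failure"),
    ("2023-06-22T02:11:30", "asha", "203.0.113.50", "failure"),
    ("2023-06-22T02:13:00", "asha", "203.0.113.50", "success"),
    ("2023-06-22T09:00:00", "ravi", "10.0.4.22", "failure"),
    ("2023-06-22T09:00:30", "ravi", "10.0.4.22", "success"),
    ("2023-06-23T09:02:00", "ravi", "10.0.4.22", "success"),
]

def flag_accounts(events, window=timedelta(minutes=10), threshold=5):
    """Return {user: set of reasons} for accounts showing compromise signs."""
    recent_failures = defaultdict(deque)   # user -> failure times inside window
    known_sources = defaultdict(set)       # user -> IPs with earlier successes
    surge_at = {}                          # user -> time of latest surge
    flags = defaultdict(set)
    for ts, user, ip, outcome in sorted(events):
        now = datetime.fromisoformat(ts)
        fails = recent_failures[user]
        while fails and now - fails[0] > window:
            fails.popleft()                # drop failures older than the window
        if outcome == "failure":
            fails.append(now)
            if len(fails) >= threshold:
                flags[user].add("failed_login_surge")
                surge_at[user] = now
            continue
        # Successful sign-in: compare against this user's usual sources.
        if known_sources[user] and ip not in known_sources[user]:
            flags[user].add("new_source")
            if user in surge_at and now - surge_at[user] <= window:
                flags[user].add("success_after_surge_from_new_source")
                continue                   # do not learn a suspect source as normal
        known_sources[user].add(ip)
    return dict(flags)

def needs_out_of_band_check(user, flags):
    """Hold a direct deposit change for any flagged account (assumed policy)."""
    return bool(flags.get(user))
```

On the sample data only `asha` is flagged, so a direct deposit change request arriving from that mailbox would be held until the employee confirms it through another channel.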
The Dark Web’s Latest Trend: Payroll Diversion Fraud
The internet has christened this scam ‘payroll diversion fraud.’ It’s a deceptively simple ruse that relies on a fake email requesting an update to direct deposit details. The innocent-sounding email tricks HR into sending the salary to an account owned by the scammers. Devious? Yes. Effective? Alarmingly so!
Turn the Tables: Protect Yourself and Your Paycheck
You can fight back! Companies can tighten their processes, require multiple approvals for paycheck changes, and keep an eagle eye on all email correspondence. Individuals must set up multi-factor authentication, scrutinize all emails, and be cautious about what they share online.
And if you’re unfortunate enough to fall for this scam, don’t despair! Report it to the cybercrime cell, your Human Resources Team, and your bank. It’s a bitter pill to swallow, but with swift action, you can bounce back.