It’s rare that a day goes by without getting the dreaded message or e-mail saying, “Don’t open that attachment, don’t open that link!” However, unless you have clicked such a link and felt the overwhelming dread and despair of “What have I done?”, you will never fully understand.
According to a warning sent out by the FBI, there is an overall increase in hackers posing as Human Resources employees and sending emails asking workers to update their information and credentials for confidential items such as direct deposit. The hackers send a fake link that takes you to a work portal that looks familiar and asks you to log in. Naturally, you log in, and now the hackers have your credentials and can use them to get into your payroll account. They add rules to the account to prevent you from seeing alerts regarding direct deposit changes, and redirect your direct deposit pay to an account they control, which is usually a prepaid card, and wham… your pay is gone. If that hasn’t scared you enough to not click a link, let’s discuss this further.
Not only have you lost your pay, but the criminal now has your personal information. The FBI has reported 47 cases totaling more than $1 million since July. Atlanta Public Schools have had major breaches, with scammers stealing over $56,000 in payroll!
In addition to payroll hacks, phishing scams can arrive as fake voicemails as well. Emails are sent that look like a voicemail alert, with the voicemail displayed as an HTML file. This is not a normal file format for voicemails to be sent in. So why should you care if you click on that link just to listen to a voicemail? Simple! It is a phishing scam, and its malicious attachment has now taken over your network.
Even the best IT providers cannot prevent all cyber-related crimes. YOU must be proactive in your efforts as well.
Do not give out any login credentials in response to an email, and do not open any attachments that look unclear or fishy, even if the message says it is from your employer. Do not use the same credentials for your payroll as you do for your network or a PayPal account. Check the URL: does it look like the normal URL you are used to seeing? Is it secure? Still not sure? Send it to your IT department.
Your IT department has the tools to verify whether it is safe or not. The IT department should also have safeguards in place, such as two-factor authentication for sensitive systems like payroll, and anti-malware tools. Remember, these hackers are professionals at what they do! You want to make sure there is no doubt that it is a real message, request, link or attachment before opening or clicking. Your IT staff would much rather have you ask them than have to deal with a virus in the network, blocking everything and holding your data for ransom.
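One check an IT team could run at the mail gateway for the voicemail lure described above, shown as an added example that is not from the original article or the FBI announcement. The keyword pattern, addresses, file names and sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Assumption: lure wording to match; tune it to your phone system's real alerts.
VOICEMAIL_WORDS = re.compile(r"voice\s?(mail|message)", re.IGNORECASE)
HTML_TYPES = {"text/html", "application/xhtml+xml"}
HTML_EXTENSIONS = (".html", ".htm", ".xhtml", ".shtml")


def html_attachments(msg):
    """Names of attachments that are HTML by declared type or by file extension."""
    found = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if part.get_content_type() in HTML_TYPES or name.lower().endswith(HTML_EXTENSIONS):
            found.append(name)
    return found


def check_voicemail_lure(raw_message):
    """Flag a voicemail-themed message that carries an HTML attachment."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    attached = html_attachments(msg)
    themed = any(VOICEMAIL_WORDS.search(text) for text in [subject, *attached])
    return {"subject": subject, "html_attachments": attached, "flag": themed and bool(attached)}


def build_sample(subject, filename, payload, **kind):
    """Build a constructed test message (not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "alerts@phone.example"
    msg["To"] = "employee@corp.example"
    msg["Subject"] = subject
    msg.set_content("You have a new message. Open the attachment to listen.")
    msg.add_attachment(payload, filename=filename, **kind)
    return msg.as_string()


LURE = build_sample("New voicemail from 555-0100", "Voicemail_0412.html",
                    "<html><body>constructed placeholder</body></html>", subtype="html")
REAL_AUDIO = build_sample("New voicemail from 555-0100", "voicemail.wav",
                          b"RIFF-constructed-bytes", maintype="audio", subtype="wav")

if __name__ == "__main__":
    for raw in (LURE, REAL_AUDIO):
        print(check_voicemail_lure(raw))
```

A flag here is a reason to quarantine the message for review, not proof that it is malicious.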
Bottom line… which is easier: verifying, or risking everything over what looked like a simple attachment?
Join us throughout the month of October as we share tips, tricks, and tactics to help safeguard your organization from cyber threats. For more information on cybersecurity, please call us at +1 (866) 216-4366.
Information provided by:
FBI Public Service Announcement, 9/18/2018
Newsweek article by David Magee, 9/27/2018: “FBI Warning: Beware of email scam to steal your direct deposit paycheck”
Action News WPVI-TV Philly, US and World: “FBI warns of hacking scam targeting paychecks, direct deposit”