ELEVATE YOUR HIPAA COMPLIANCE: Explore Our Enhanced Toolkit Today
Access Toolkit
Purchase Toolkit
Back to Blog

Latest phishing scams target payroll direct deposits

Scammers are cashing in on paydays much to the chagrin of employees who had a lapse in judgment and shared their log-in credentials. Warn your employees NOW about this latest phishing scam involving payroll portals.

According to an article on Lexology this week by Rebecca J. Bennett and Danielle Vanderzanden, here’s what happens:

1) An employee receives email from a company email account that mimics a familiar and trusted company service or resource, such as an e-signature request or a request to complete a survey.

2) The email asks the employee to click a link, access a website, or answer a few questions.

3) It then directs the employee to “confirm” his or her identity by providing his or her complete log-in credentials. Skeptical employees who question the request via reply email receive a prompt response purporting to verify that the employee should complete the steps contained in the link.

4) The threat actors then use the employee’s log-in credentials to access payroll portals, reroute direct deposits to other accounts, and wreak other havoc upon the employer’s network.

The article reports that in some versions of the scam, hackers access employee emails to request a password change from the employer’s payroll service and then use the new log-in credentials to change direct deposit instructions.

Even though you’ve told your staff to be wary of clicking on links no matter how legitimate the email seems, take time to tell them again. Emphasize how one wrong click could redirect their paycheck from their bank accounts into the hands of criminals. We also recommend that you:

• Remind users to slow down when going through their email inboxes. 

• Train users to check each email for the tell-tale signs of a spoofed email:
      ° Review reply address to make sure it is valid.
      ° Hover over all links to make sure they are valid.

• Instruct users to forward all suspicious emails to your IT department for confirmation on legitimacy of the email.

• Test users with regular phishing tests to make sure they are paying attention and not falling for phishing schemes.

Contact the experts at PrivaPlan to learn more about phishing tests and all the services we provide at info@privaplan.com or call 877-218-7707.

 

Related Posts

Recent Posts

Categories
Tags
AI Articles artificial intelligence Blog board Breach business associate CISO cyber risk cybersecurity cybersecurity awareness training electronic medical records email breach executive order Federal HIPAA Changes Final Rule health care health privacy HIPAA hipaa compliance HIPAA Training Meaningful Use Medicare multi-factor authentication OCR ONC passwords PHI phishing Policies & Procedures policies and procedures Privacy Quotes Ransomware Security Security Risk Analysis security training Service Technology Testimonials toolkit Training Materials two-step authentication website analytics website trackers

Get Started Today

Email us at info@privaplan.com or submit the form below:

Sign Up for Updates

Contact PrivaPlan

Telephone Sales & Support
505-466-1432  or
Toll Free: 1-877-218-7707
Fax: 505-466-3942

E-Mail Sales & Support
Customer Support: support@PrivaPlan.com
Sales: orders@PrivaPlan.com

Mailing Address:
PrivaPlan
5 Caliente Rd, Ste 3,
Santa Fe, NM 87508

© 2024 PrivaPlan Associates, Inc, all rights reserved.

FOLLOW US

Linkedin Envelope

Access PrivaPlan Toolkit

Click here to access

Access CMA-PrivaPlan Toolkit

Click here to access

Sign up for updates

  • Be Proactive In Compliance

Sign up. Learn about Compliance

Subscribe now for up-to-date information about privacy & security compliance! You’ll receive emails regarding news about compliance & alerts for new blog posts.