According to one recent study, phishing scams accounted for approximately 90% of ALL data breaches that took place in 2018. The frequency of these attacks is also on the rise ‒the number of attempts grew at a rate of 65% in the last year alone. All told, about 1.5 million new phishing sites are created on a monthly basis—pointing to a problem that is only going to get worse before it gets better.
One particular type of phishing scam is also on the rise—and it’s one that is also poised to do the most amount of damage. More and more, fraudsters are targeting the human resources departments of companies in an effort to get them to switch to direct deposit to pay their employees. Only instead of making sure that those employees get the money they worked hard for, HR officials are duped into depositing those funds into the bank accounts of cybercriminals instead.
Thankfully, all hope is not lost. It Is entirely possible to spot one of these scams coming so that your own organization can avoid them. You just need to be aware of a few key things.
Spotting a Payroll Phishing Scam: Breaking Things Down
The biggest advantage that HR departments have in this scenario is that a payroll phishing scam is ultimately not a very sophisticated attack. There is no malware at play to watch out for, and you don’t have to worry about a network intrusion. Generally, cybercriminals just create fake email accounts with free services like Gmail or Yahoo under an executive’s name. They then target employees who are careless enough not to spot the clear warning signs on display.
Therefore, beating these scams is simple: Don’t be the careless target that people think you are.
Always be as vigilant as possible with all email communications, but especially in situations as important as this one. Check every email address carefully, especially if someone is asking you to make a major change to the financial structure of your business. Look for spelling errors, missing characters and other warning signs that the person you’re speaking to may not be on the level.
Likewise, you should also go through your social media feeds to avoid posting details about your company that could be used against you in the future. Oftentimes, these emails will be littered with details that make it seem like they’re coming from a legitimate source or someone who knows a lot about your company. Don’t make this information any easier for someone to obtain by keeping all information about your business’s executive and human resources employees off of Facebook, Twitter and other types of sites.
If you DO accidentally fall into one of these payroll phishing traps, the FBI recommends that you contact your business’s financial institution as soon as possible. If you act fast, you will likely be able to track where that money was sent ‒thus giving law enforcement the best possible chance of getting it back.
Finally, you need to understand that your most powerful weapon in the fight against cybercriminals is good, old-fashioned common sense. Don’t change the way your employees are paid simply because someone asked you to via email. Ask to discuss the details of the change over the phone. Try to speak to more than one person within the business in question. If company leadership is always “in a meeting” or if they’ve “just stepped out” and you can never seem to get beyond the person who initiated contact in the first place, trust your instinct.
If your gut is telling you that you’re about to fall victim to the type of scam that could literally cost your company tens of thousands of dollars and major damage to its reputation and employee morale, trust that feeling. The chances are high that it’s probably spot on.
Bob Mason, CPA writes for CountingWorks, an accounting news and advice website. Reach his office at [email protected].
About Bob Mason, CPA
Santa Cruz based Bob Mason, CPA (Coast Financial Services) has been providing the people of Santa Cruz with years of expertise in the tax and accounting industry. He provides a broad range of accounting, bookkeeping and small business services to help your business succeed. Using their expertise in technology they have built an intuitive website with useful tools and calculators and a monthly blog which they post to on a frequent basis. Check back weekly for their next tax or accounting topic.
