Gone Phishing – For Paychecks

In the old days, the heavily-armed robbers would wait in the shadows for the Brinks truck to pull up on payday, then storm their way through the back doors to grab the cash.

Today the robbers sit at a laptop, eating chips and sipping soda, and fire off spoofed emails to HR looking for some easy money. And it can work if you are not vigilant.

My friend Dave recently sent an email to his company’s payroll department that said: “Good Morning, I have recently switch banks, I wish to change my current payroll/benefit information to my new account, my previous account on file will be inactive in 10 days. I need your prompt assistance on this matter.” Except, Dave did not send the email – a hacker sent it in a “spoofed” email.

Dave’s payroll department hit reply and asked for the new account information. The hacker happily complied. A few days later, Dave called to see why he hadn’t been paid. Red faces ensued, while somewhere the happy hacker bought some new shoes.

This incident is an example of a current trend of HR phishing scams. They work because so many of us are deluged by email and do not have time to carefully consider and respond to every email when there are hundreds piled up. The quick reply – “OK Dave, send me your new account information” – seems reasonable and efficient.

What can you do to protect your paychecks? Several things:

1. Watch for errors. Grammatical errors and misspellings in an email regarding payroll are huge red flags.

2. Check Dave’s actual email address. The hacker’s address will show up when you hover the cursor over Dave’s name, or when you hit reply.

3. Don’t hit reply. Instead, forward the email. Forwarding requires you to enter a recipient address, and your mail client’s address book should then fill in the correct Dave.

4. Call Dave. Any time an employee wants to change account information, call to confirm. Only Mission Impossible has a magic voice-box.

5. Get insurance. If your company does not have a Cyber Policy, call your broker and consider expanding your coverage to include a cyber policy that may cover your losses from email scams.
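As an added illustration of items 2 through 4 (example code, not from the original post), this Python check parses a message’s From, Reply-To and body and reports the red flags a payroll inbox should look for. The employee directory, the addresses and both sample messages are constructed for the example.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed directory for this example: display name -> address payroll has on file.
EMPLOYEE_DIRECTORY = {"Dave Smith": "dave.smith@example.com"}

# Wording typical of a payroll-diversion request (modelled on the message in the post).
PAYROLL_PHRASES = ("payroll", "direct deposit", "new account", "change my", "switch banks")

def _body_text(msg):
    """Collect the text/plain parts of a message as one lowercase string."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return " ".join(str(p.get_payload()) for p in parts
                    if p.get_content_type() == "text/plain").lower()

def check_payroll_email(raw_message):
    """Return the red flags found in a raw RFC 5322 message (empty list = none)."""
    msg = message_from_string(raw_message)
    flags = []
    display_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    # Item 2: the display name may say "Dave" while the real address does not match.
    on_file = EMPLOYEE_DIRECTORY.get(display_name)
    if on_file and from_addr.lower() != on_file.lower():
        flags.append("From %s does not match %s on file for %s" % (from_addr, on_file, display_name))
    # Item 3: a Reply-To that differs from From sends your reply somewhere else.
    if reply_to and reply_to.lower() != from_addr.lower():
        flags.append("Reply-To %s differs from From %s" % (reply_to, from_addr))
    # Item 4: bank-change wording alone is not proof, but two or more phrases merit a phone call.
    hits = [p for p in PAYROLL_PHRASES if p in _body_text(msg)]
    if len(hits) >= 2:
        flags.append("payroll-change wording: %s" % ", ".join(hits))
    return flags

# Constructed sample messages: one spoofed like the message in the post, one genuine.
SPOOFED_MESSAGE = """From: "Dave Smith" <dave.smith@freemail-example.net>
Reply-To: payroll.update@freemail-example.net
To: payroll@example.com
Subject: Payroll account update

Good Morning, I have recently switch banks, I wish to change my current
payroll/benefit information to my new account. I need your prompt assistance.
"""
LEGIT_MESSAGE = """From: "Dave Smith" <dave.smith@example.com>
To: payroll@example.com
Subject: Question

Can you send me a copy of my last pay stub? Thanks, Dave
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED_MESSAGE), ("legit", LEGIT_MESSAGE)):
        print(name, check_payroll_email(raw) or "no red flags")
```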