A new breed of phishing scam is hitting employers around the world and it is targeting employees’ paychecks.
There are two variations:
1. An email is sent to the Finance or Human Resources department designed to look like it came from an employee requesting to change their direct deposit account.
2. Employees receive an authentic-looking email that appears to be sent from an employer requesting the user click on a link designed to steal a user’s login information. The scammers then attempt to login as the employee to change their direct deposit information. More information from the FBI on this version of the scam can be found at this link.
To read more from our IS Security Team about how to handle these emails, read the latest OUCH! Newsletter here.