Continuing with the theme of evolving technologies and the 'new age' problems that come with it, hackers are now draining money directly from the source. Essentially, fraudsters are diverting direct deposits from accounts of employers straight into the accounts of criminals through phishing.
These scams are a fraudulent attempt to acquire sensitive information via means of electronic communication. Disguised as trustworthy individuals, the scammers pilfer data that will be criminally manipulated, resulting in disastrous effects.
"Fraudsters use a phishing scam by sending an email from an address similar to a legitimate company account. The email requests that an employee answer a brief survey then hit 'confirm' which then directs them to enter their credentials in an online form to confirm their identity. Those credentials are then used to access payroll portals and redirect payroll funds into fraudulent accounts." (PYMNTS, 2018)
Cybercriminals are constantly thinking of innovative ideas to steal, manipulate and acquire illegal data and assets, which creates a niche in the market for increased security protocols. Don`t let yourself be on the end of a phishing scam - if something seems fishy, make sure you report it immediately.
Business Email Compromise (BEC)
Payroll fraud is also notable under the headline of BEC where criminals are essentially gaining access to a business email account in an attempt to defraud a company and its employees. Payroll fraud focuses on the attainment of money, yet it is much more serious than that. When the fraud has been committed, along with stolen money, there is a huge breach in data security. The ownership of data can be manipulated for multiple purposes, depending on the fraudster's motives. Remember to protect yourself in the best way you can. Here are a few ways you could minimise phishing scams and BEC attacks:
- Prohibit wire transfers from going out without an in-person conversation or phone call. Even with a phone call, take caution if the only contact information is that included in the potentially fraudulent email.
- Take caution with emails from CEO accounts, as those professionals are most likely to be impersonated. If the CEO makes a request that seems unusual, the user should confirm its legitimacy before taking action.
- Implement a training program to teach employees how to identify a BEC attack.
- Deploy an email protection system to automatically stop spear phishing and cyber fraud attacks that can lead to a successful BEC scam. (Rayome, 2018)
*** The sole purpose of the article above is to generate public discussion, it has no intention to constitute legal advice. ***