
[Trending Topic] Direct Deposit Phishing Scams on the Rise

Phishing scams are on the rise, and small businesses are a growing target. Phishing emails are a type of scam designed to obtain information or prompt certain behavior from their targets. To that end, they typically appear to come from a person or entity we trust.

If you receive suspicious emails that appear to be from employees asking to change their direct deposit information, what should you do?

This is likely a phishing scam—a type of con in which scammers use emails, texts, or phone calls to trick someone into providing company or personal information that then allows the scammer to steal from them. These messages often appear to come from someone the recipient knows—in this instance, your employees. A successful scam can be a costly data breach with legal consequences for employers. In this case, had you fallen for the direct deposit scam, your employees would not have been paid on time, and you’d be out the money you owed them.

You can help protect your organization by giving employees examples of the kinds of emails and other communications (texts, calls, etc.) that are likely suspicious. Here are a few:

  • A notice from your email provider suggesting you change your password.
  • A message from the IRS asking you to click a link, open an attachment, or provide information.
  • A message asking you to click a link to pay fines or penalties.
  • A request for W-2s or payroll records.
  • A request for names, birth dates, home addresses, salaries, and social security numbers.
  • A request for contact information.
  • A request to purchase gift cards and email the sender the card numbers.
  • A request for login information.
  • A communication with glaring typos.
  • A communication that says “EMERGENCY” in the subject.
  • A LinkedIn connection from someone you don’t recognize even though they purport to work at your company and have connected with some of your colleagues.


To protect your organization from this and other phishing attempts, we recommend taking the following steps:

  • Verify whether the message is legitimate. In this case, inspect the email addresses for validity and reach out to the employees to confirm they didn’t request to have their bank information changed.
  • Notify your IT department of the potential phishing attempt.
  • Inform your workforce that scammers are afoot and remind them not to respond to emails that are suspicious or to email sensitive information. Email is like a postcard, potentially visible to anyone, so employees shouldn’t email their banking or other sensitive information.
  • Work with your IT department to train employees on how to recognize phishing attempts and what to do if they notice or fall prey to one.
  • Ensure employees update their security software, internet browser, and operating system regularly.
  • Create processes and policies that staff should follow in case of a breach, including what notices need to be given.
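
The address inspection from the first step above, sketched as an added Python example that is not part of the original post. It assumes a company mail domain of example.com and a small constructed employee directory; both sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"  # assumption: your organization's mail domain
# Constructed directory: employee display name -> address on file with HR.
DIRECTORY = {"dana reyes": "dana.reyes@example.com"}
PAYROLL_TERMS = ("direct deposit", "bank account", "routing number")

def domain(addr):
    return addr.rpartition("@")[2].lower()

def review_sender(raw):
    """Return (is_payroll_request, findings) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    findings = []
    on_file = DIRECTORY.get(name.strip().lower())
    if on_file and from_addr.lower() != on_file:
        findings.append("display name is an employee's, address is not the one on file")
    if domain(from_addr) != COMPANY_DOMAIN:
        findings.append("sender domain is outside the company")
    if reply_addr and domain(reply_addr) != domain(from_addr):
        findings.append("Reply-To points to a different domain than From")
    # Plain-text parts only; base64/quoted-printable bodies are not decoded here.
    body = " ".join(p.get_payload() for p in msg.walk()
                    if p.get_content_type() == "text/plain")
    text = (msg.get("Subject", "") + " " + body).lower()
    return any(term in text for term in PAYROLL_TERMS), findings

# Constructed sample messages (reserved .test / example.com domains).
SPOOFED = (
    "From: Dana Reyes <dana.reyes.hr@mailbox.test>\n"
    "Reply-To: d.reyes@inbox.test\n"
    "Subject: Update my direct deposit\n\n"
    "Please switch my paycheck to the new account before Friday.\n"
)
INTERNAL = (
    "From: Dana Reyes <dana.reyes@example.com>\n"
    "Subject: Direct deposit change\n\n"
    "Can you update my bank account on file?\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("internal", INTERNAL)):
        payroll, findings = review_sender(raw)
        print(label, "| payroll request:", payroll, "| findings:", findings or "none")
```

A message with no findings, like the second sample, still needs the direct confirmation with the employee described above, since a forged From header or a compromised mailbox passes these checks.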

Content provided by Ahola's HR Support Center

 


GENERAL DISCLAIMER

This blog is for informational and educational purposes only. It does not constitute legal advice, and cannot constitute legal advice, because the authors are not licensed attorneys. Readers should not rely or act upon any information presented on this blog without seeking professional legal counsel. The views expressed in each post are those of the author, and the author alone; they are not the views of Ahola. The information provided in this blog is general, and based on information available as of the date of publishing. Information herein is provided on an “as is” or “as available” basis; we make no warranty of any kind to you regarding the information provided and disclaim any liability for damages from use of the blog or its content. Please consult an attorney to obtain advice with respect to any particular question or issue.