‘Employers beware: Companies are experiencing a wave of phishing scams that target employee paychecks. Here is the scenario:
- An employee receives from a company email account e-mail that mimics a familiar and trusted company service or resource, such as an e-signature request or a request to complete a survey.
- The e-mail asks the employee to click a link, access a website, or answer a few questions.
- Then it directs the employee to “confirm” his or her identity by providing his or her complete log-in credentials. Skeptical employees who question the request via reply e-mail receive a prompt response purporting to verify that the employee should complete the steps contained in the link.
- The threat actors then use the employee’s log-in credentials to access payroll portals, reroute direct deposits to other accounts, and wreak other havoc upon the employer’s network.
In some versions of the scam, hackers access employee e-mails to request a password change from the employer’s payroll service and then use the new log-in credentials to change direct deposit instructions.’
Source: Diverting Employees’ Payroll Direct Deposits: The Latest Wave of Phishing Scams by Ogletree Deakins, January 30, 2018, Lexology.
Need help with your business cyber security or network solutions?
Contact Garrett Martin, JPS Director of Technology Solutions.
Asheville Boone Marion
828-254-2374 828-262-0997 828-652-7044
Johnson Price Sprinkle PA is a 60+ year old accounting firm providing small to middle market businesses with tax, business consulting, audit, fraud, and technology solution services. With offices in Asheville, Boone, and Marion, NC, our CPAs and JPS team strive to provide personal service alongside technical expertise resulting in our clients’ long-term financial success. We also invest time and energy in our community, taking pride in doing what we can to make Western North Carolina a better place. JPS Mission: To Be Greater by positively impacting our Clients, People, Community and Profession.