NJ.com recently reported on an alert released by the FBI warning residents of a current phishing scam that is targeting employees in various industries, though the most affected sectors have been education, healthcare and commercial air transportation. The attackers send fraudulent emails to obtain the victim’s login credentials, then use those credentials to access the victim’s employee payroll account.
According to the FBI alert, once the victim’s account has been accessed, the attackers begin to modify the victim’s banking information. They simultaneously redirect direct deposits made by the victim’s employer to an account they control – usually tied to a prepaid card so they cannot be tracked – and suppress notifications so that the victim is not alerted to the withdrawals being made.
The hackers use social engineering tactics to gather information on potential victims and design the fraudulent messages to appear as if they come from the Human Resources department of the victim’s company. The emails make a request regarding the victim’s direct deposit that requires the victim to submit login information for their payroll system.
Hackers increasingly utilize social methods to identify and exploit employees, either for one-time gains or for deeper access into the company’s network. More sophisticated and patient attackers will leverage special access privileges or related connections among personnel that may be overlooked by your business’s security practices. These links can be used to dig deeper into the system and locate more valuable data.
Phishing, or business email compromise (BEC) as the FBI calls it, has become a continuous problem in NJ as hackers have deployed it as a common technique in a variety of areas, including finance, healthcare and real estate. BEC is a relatively easy-to-use method that can be utilized in volume until a promising return appears. Phishing scams can be hard to defend against and harder to spot if you do not know what to look for, and hackers are refining their approach as reflected in this new scam.