Your payroll department is where the money’s at, and cybercriminals are thinking of clever ways to get some of that.
Email communication has become more frequent during the remote work period. According to Google, 18 million COVID-19 hoax emails are sent to Gmail users everyday.
With phishing scams and other types of cybercrimes becoming more rampant, your payroll officers are now more susceptible to attacks.
Scammers use powerful psychological techniques like social engineering to manipulate victims to take action immediately.
Payroll fraud is just one of the recent additions to the tricks up their sleeves. According to The Wall Street Journal’s report about email scams, there were 23,775 scam complaints filed with the FBI last 2019, with an estimated annual loss of around $1.7 billion.
Scammers pull this off by sending fake emails to unsuspecting employees. They pretend to be someone with authority within the company like the payroll department, HR team, or their own boss. This makes the employee more inclined to follow their requests.
The scammers will urge the employee to change their bank accounts or wire their money to another bank account.
So how exactly do they pull this off? Here are some of the most common ways how scammers attack your payroll:
They even track their social media accounts to know when they’re on vacation so they can tailor their message based on that information.
They will also attempt to sound like how the impersonated employee usually does in an email:
Heyyy how are you? I have switched to another bank and would like to update my deposit information. Please do the needful.
In this example, hackers have studied and used the employee’s distinct greeting and choice of words.
They may also indicate in the email body that it’s an emergency or that there is a consequence if this is not acted upon right away.
If you take time to think before acting, you are more likely to notice that something is off. That’s why hackers want you to hurry, sometimes, even panic.
Email communication is one of the most common ways employees coordinate with one another, especially when a significant number of them are working remotely due to the COVID-19 pandemic. That’s why payroll fraud through email phishing is one of the favorite routes cybercriminals take.
Here are specific actions that you can take if you spot a possible payroll scam:
The hackers will probably move on to another target or make another attempt soon. Hopefully, you’re still careful the next time around.
If possible, set up a quick video call through secure tools like Google Meet to see and hear the request from the employee themself.
If you don’t have an in-house IT staff and would like to partner with highly-trained IT experts as soon as possible, contact a managed service provider (MSP) like ER Tech Support, a Sacramento-based MSP that can protect your business 24/7.
MSPs can monitor your entire system and install the necessary detection tools to each of your devices to protect your business from multiple kinds of cyberattacks.
Being mindful with every single email you come across will come a long way. You can further reduce the risks of payroll attacks by taking the following steps:
The whole organization needs to understand why it’s important to have proper email etiquette and be vigilant even when they’re corresponding with their closest coworkers.
It should be emphasized that everyone in the organization has a responsibility to protect the company. Afterall, if the company falls victim to scammers, everyone will be affected.
MFA is a simple but highly effective tool used to add an extra layer of security that can potentially block 99% of payroll fraud attempts.
Coordinate with a certified MFA technology seller if you’re serious in boosting the security of your business.
Related Article: What is MFA and How Can It Protect Your Practice?
It can be quite tempting to close those pesky update notifications and get on with whatever you want to do on your computer, but these updates fix bugs and add enhancements to your existing software programs. So it’s important to encourage everyone in your organization to avoid skipping them.
However, upgrading your email service to a more secure version gives you long-term benefits. A boost in security against breaches and other cyberthreats is an obvious one. You’ll also enjoy additional email tools and a larger (or even unlimited!) storage capacity.
You’re probably already using Gmail and other tools in G Suite like Google Docs, Sheets, Slides, and Forms. If you’re considering an upgrade, get a discount by upgrading through a certified G Suite partner like MG Hosting Services.
Cybercriminals are constantly changing and improving their fraudulent techniques. Meanwhile, companies are having a shortage of IT experts capable of keeping them away.
By learning how to spot possible attacks and following the tips presented, you’ll be able to mitigate the majority of the attacks that can harm your business.
If you need to tighten your IT security, reach out to us immediately so we can evaluate your IT infrastructure and determine what needs to be done.
Related Article: How Gift Card Scams Work and How to Avoid Being a Victim