Phishing for Payroll Diversion

A recent FBI report said that $26 Billion (with a B) was lost globally through email phishing schemes over a 3 year period between 2016 and 2019. That’s pretty mind blowing. But to bring this down from a huge number to something easier to wrap our heads around, I thought I would point out a couple of interesting things I learned from the report.

Not all the scams are direct “send money to this account” requests. Sometimes it’s phishing for information about employees from their tax forms, like wage info, SIN numbers, tax data, employment history, etc., which the scammers can then use for a targeted attack on somebody else.

Another “creative” strategy is sending a request to the HR or payroll/booking department to update the bank account for an existing employee. For example, “I changed banks – can you please update my bank account number to the following for next payroll?”. Of course that routes to China or the Cayman Islands or something…

These types of requests are small but growing, and more importantly, it’s worth being aware that their variety and quantity are going to keep on increasing.

Click through to this FBI report for more statistics and their suggestions for protection.