ON YOUR SIDE Warning: Your boss may accidentally give scammers your paycheck
BATON ROUGE – Near-convincing phishing emails are targeting automatic deposits for employee’s salaries and if a payroll department is not careful, the con may work.
The IRS warned in December of the direct deposit scam where email accounts are created to mimic an actual employee. Thieves create free email accounts with the identical name of an actual employee and send an email requesting human resources or payroll departments change the direct deposit account for a paycheck.
In cases where managers are not able to see the full email address and only see the employee’s name, it may appear to be legit. If managers are not careful, they may unknowingly engage in an email thread and change the direct deposit account so the thieves receive an employee’s salary.
Managers “may not notice, either because they are working quickly and they don’t notice the full email address, or they are working on a mobile device where only the person’s name is displayed in the ‘from’ field,” CNBC explained in an April report when scammers targeted a non-profit.
Friday, an attempt was even made at WBRZ where scammers posed as an employee who is seen daily on the news.
“I want to update my [direct deposit] information with my new account details. Can the change be effective for the current pay date?” the scammer wrote to the TV station’s human resources director Friday morning. A follow-up call between the manager and the employee brought the trick to light.
The scammers later responded, again posing as the employee, that they would send over new banking information soon.
While the email appeared in the inbox with the employee’s exact name, the email address was obviously not a corporate account – with an “@officee365mailerz.com” address.
“Watch your email and social media accounts very closely. When receiving an email, always pay attention to the actual email address, not just the sender’s name,” WBRZ’s HR chief, Jennifer Dartez, reminded everyone.
Follow the publisher of this post on Twitter: @treyschmaltz