Around two or three times per month, KVC Health Systems, a mid-sized non-profit agency for child welfare based in Kansas City, receives phishing emails from criminals with the goal of re-routing an employee’s paycheck by direct deposit.
The emails look legitimate at first, as though they come from the CEO, CFO or payroll director.
“They might just say, ‘I need to update my direct deposit information,’” said Erik Nyberg, director of information technology at KVC. “Or they start with, ‘Hey, do you have a second?’ and if that target person responds, then they go from there.”
The fake emails defy many existing controls for malicious communications, he said. They are usually well-written, cordial and lack the misspellings, grammar mistakes and exclamation points that would trigger many popular email filters that search for spam or phishing attempts.
The scammer is trying to convince human resources personnel to change the bank account and routing information the employee uses to have paychecks direct-deposited. Once routed to the criminal’s account, the company is on the hook for replacing the stolen funds and the employee faces the inconvenience of a late paycheck. KVC has had a few near-misses, Nyberg said, but has not transferred any paychecks to scammers.
It’s a new version of wire fraud scams that have devastated businesses in recent years, and a more focused version of a series of payroll fraud crimes that the Internal Revenue Service warned late last year were on the rise. The fraud is growing, experts said, because it easily bypasses many existing technical controls, and the small sums stolen are inoffensive enough that they can be folded into the cost of doing business.
A new scam with a convincing pitch
The scam has only emerged in the past month, according to Adrien Gendre, chief solutions architect with email security company Vade Secure.
Many companies “have put processes in place to validate big wire transfers, so now [criminals] want to stay under the radar. It’s a new approach, and every day we have more customers reporting it,” he said. Gendre said a dozen Vade companies have reported attempts to change direct deposit information.
The scam does not only bypass some email controls. It also bypasses warnings companies may have already issued to their employees about wire fraud, because scammers aren’t asking for money or an invoice transfer — they’re simply asking to change a bank account number.
The fraudsters typically impersonate the company’s higher-value employees, like the CFO or CEO, Nyberg said. The emails are usually brief, polite and lightly urgent, and often ask HR personnel to change the direct deposit information quickly, “before the next paycheck.”
Others try to discourage the target from calling, by writing “I am going into a meeting now.”
The spoofing doesn’t require the criminal to hack into anyone’s email account, as it often does with bigger-ticket wire fraud. The scammers generate the fake emails with free services like Gmail — the scammer simply opens a new Gmail account and fills in the employee’s name — which allows them to get around tools meant to detect hacking attempts on employee email, Nyberg explained. Employees may not notice, either because they are working quickly and they don’t notice the full email address, or they are working on a mobile device where only the person’s name is displayed in the “from” field, he said.
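The article's two observations above point to a control that content filters miss: the message is clean and polite, but the display name of an internal executive arrives from a free webmail domain, often alongside a request to change direct deposit details and a line discouraging a phone call. The following is an added example, not code from the article or from KVC, of a mail-triage check that a defender could run on inbound mail: it parses the From header, compares the display name against a staff directory, and flags the combination of an impersonated internal name, an external sender domain and payroll-change or pressure wording. The company domain, staff names and both sample messages are constructed placeholders.

```python
"""Flag display-name impersonation of internal staff sent from external mailboxes.

Added example, not part of the original article. The domain, staff list and
sample messages below are constructed placeholders.
"""
import email
import re
from email.utils import parseaddr

# Assumed: the organisation's own mail domain(s).
INTERNAL_DOMAINS = {"example-agency.org"}

# Phrases characteristic of the request the article describes (matched on the body).
PAYROLL_PHRASES = ("direct deposit", "bank account", "routing", "next paycheck")
# Phrases used to discourage the recipient from verifying by phone.
PRESSURE_PHRASES = ("going into a meeting", "do you have a second")


def normalise_name(name: str) -> str:
    """Lower-case, keep only letters, sort tokens so 'Rivera, Alex' == 'Alex Rivera'."""
    return " ".join(sorted(re.findall(r"[a-z]+", name.lower())))


def build_directory(names):
    """Staff directory as a set of normalised display names."""
    return {normalise_name(n) for n in names}


# Assumed: staff whose names criminals are likely to borrow (CEO, CFO, payroll director).
PROTECTED_STAFF = build_directory(["Alex Rivera", "Jordan Lee", "Sam Patel"])


def body_text(msg) -> str:
    """Return the plain-text body of a parsed message (multipart or not)."""
    if msg.is_multipart():
        parts = [p.get_payload(decode=True) or b"" for p in msg.walk()
                 if p.get_content_type() == "text/plain"]
        return b"\n".join(parts).decode("utf-8", "replace")
    return (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")


def classify_message(raw: str, internal_domains=INTERNAL_DOMAINS,
                     staff=PROTECTED_STAFF) -> list:
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    msg = email.message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    external = domain not in internal_domains
    findings = []

    # The core signal: an internal person's name on an external mailbox. Mobile
    # clients often show only the display name, so the recipient never sees the domain.
    if external and normalise_name(display) in staff:
        findings.append(f"display name {display!r} matches internal staff but sender domain "
                        f"{domain!r} is external")

    # A Reply-To pointing somewhere other than the From domain is a second red flag.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.rpartition("@")[2].lower() != domain:
        findings.append("Reply-To domain differs from From domain")

    text = body_text(msg).lower()
    payroll = [p for p in PAYROLL_PHRASES if p in text]
    pressure = [p for p in PRESSURE_PHRASES if p in text]
    if external and payroll:
        findings.append("payroll-change wording from external sender: " + ", ".join(payroll))
    if pressure:
        findings.append("wording that discourages verification: " + ", ".join(pressure))
    return findings


# Constructed sample: the scam pattern described in the article.
SAMPLE_SPOOF = """\
From: Alex Rivera <alex.rivera.ceo@gmail.com>
To: payroll@example-agency.org
Subject: Quick request

Hi, do you have a second? I need to update my direct deposit information
before the next paycheck. I am going into a meeting now, so please reply by email.
"""

# Constructed sample: a routine internal message that should pass.
SAMPLE_LEGIT = """\
From: Alex Rivera <alex.rivera@example-agency.org>
To: payroll@example-agency.org
Subject: Benefits enrollment

Reminder that open enrollment closes Friday.
"""


def triage(samples: dict) -> dict:
    """Run the check over a mapping of label -> raw message; used for a quick report."""
    return {label: classify_message(raw) for label, raw in samples.items()}


if __name__ == "__main__":
    for label, findings in triage({"spoof": SAMPLE_SPOOF, "legit": SAMPLE_LEGIT}).items():
        print(label, "->", findings or "no findings")
```

The sender-domain check is the one that matters: payroll wording alone appears in plenty of legitimate HR mail, and pressure phrases alone are weak, so a hit on the name/domain mismatch should route the message to a human who confirms the request out of band (a call to the employee's known number) rather than by replying to the email.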
To read the original article: https://uk.finance.yahoo.com/news/wire-fraud-scam-targets-direct-195217074.html