Risk Alert: FBI Warns of Hacker Scheme Targeting Direct Deposit Paychecks

by Mark Cousineau, Director, Advisory Services

Cybercriminals are rerouting direct deposit paychecks into their own accounts.

In a public service announcement, the FBI detailed the rise of a new scheme in which criminals hack into online payroll accounts at school districts, universities, hospitals, and commercial airway transportation.

In this scam, hackers target employees with phishing emails designed to capture an employee’s login credentials, which the cybercriminals then use to access the employee’s payroll account. The hackers change the direct deposit bank information to redirect funds into an account they control. Typically, that money is deposited onto prepaid cards. The FBI is urging people to be wary and vigilant toward any official-looking emails, specifically those related to company surveys.

MGO’s Risk Advisory team recommends a proactive user and system threat response so that your organization is prepared for attacks like this one. The following is a brief explanation of the steps every organization should take to protect against cyberattacks; they follow from the FBI’s recommended response:

Governance Oversight of Information Systems: Controlling Access to Programs and Data

Evaluate your organization’s objectives against the risks that prevent you from achieving those goals. Then direct the organization through formal policies and procedures, regular communication, and supportive actions. It is key to monitor organization and management performance toward achieving goals and objectives while managing the related risks.

  • Restrict access to the Internet on systems handling sensitive information and/or implement two-factor authentication for access to sensitive systems and information.
  • Only allow necessary processes to run on systems handling sensitive information.
  • Ensure that log-in credentials used for payroll purposes differ from those used for other purposes, such as employee surveys.

1st Line of Defense: User Education and Best Practices

Strengthen your organization’s cyber risk awareness and responses. It will pay dividends. Establishing good cybersecurity hygiene habits helps mitigate the risk of ransomware attacks and data breaches.

  • Alert and educate your workforce about this scheme and provide preventative strategies and appropriate reactive measures should a breach occur.
  • Instruct employees to hover their cursor over hyperlinks included in emails to view the actual URL and ensure the URL is related to, or associated with, the company it purports to originate from.
  • Instruct employees to refrain from supplying log-in credentials or personally identifying information in response to any email.
  • Direct employees to forward suspicious requests for personal information to the information technology or human resources department.
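The hover-and-check habit above can also be applied mechanically before an email reaches an inbox. The following is an added example, not code from the FBI alert or from MGO: it pulls every hyperlink out of an HTML email body and flags links whose real destination lies outside the trusted domain, with a separate reason when the visible text shows the trusted domain but the href goes elsewhere. The HTML snippet and the domain names in it are constructed placeholders, and the "last two labels" domain comparison is a deliberate simplification (a production check would use the Public Suffix List).

```python
"""Flag e-mail hyperlinks whose real destination does not match the trusted domain.

Added example for this alert; standard library only. The sample HTML below is
constructed, and every domain in it is an invented placeholder.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: one honest link to a subdomain, one whose visible text shows the
# payroll domain but whose href goes elsewhere, and one honest help link.
SAMPLE_EMAIL_HTML = """
<p>Please complete the <a href="https://survey.example-payroll.com/q1">survey</a>.</p>
<p>Log in at <a href="http://example-payroll.com.login-update.example/">https://example-payroll.com/login</a></p>
<p>Questions? See <a href="https://example-payroll.com/help">example-payroll.com/help</a></p>
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:  # only text inside the current <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Approximate the registrable domain as the last two labels (simplification: no PSL)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(url_or_text):
    """Return the host from a URL or URL-looking text, or None if there is none."""
    candidate = url_or_text if "://" in url_or_text else "http://" + url_or_text
    host = urlparse(candidate).hostname
    return host if host and "." in host else None


def find_mismatched_links(html, expected_domain):
    """Return (href, visible_text, reason) for each link outside expected_domain."""
    collector = _LinkCollector()
    collector.feed(html)
    expected = expected_domain.lower()
    findings = []
    for href, text in collector.links:
        href_host = host_of(href)
        if href_host is None:  # mailto:, relative links etc. are out of scope here
            continue
        if registrable_domain(href_host) == expected:
            continue
        text_host = host_of(text)
        if text_host and registrable_domain(text_host) == expected:
            reason = "visible text shows the trusted domain but href goes elsewhere"
        else:
            reason = "href is outside the trusted domain"
        findings.append((href, text, reason))
    return findings


if __name__ == "__main__":
    for href, text, reason in find_mismatched_links(SAMPLE_EMAIL_HTML, "example-payroll.com"):
        print(f"{reason}: text={text!r} href={href!r}")
```

Run against the constructed sample, only the second link is reported, and it is reported with the stronger reason because its visible text impersonates the payroll domain. That distinction is useful for triage: a link to an unrelated domain may be legitimate, but a visible-text/href mismatch almost never is.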

2nd Line of Defense: Human Resources, Payroll & Information Technology

Strengthening these business support functions, specifically in areas where sensitive information and data are vulnerable, provides a valuable and broad backstop to the 1st line of defense and helps demonstrate the organization’s commitment to protecting information, services, and people.

  • Apply heightened scrutiny to actions initiated by employees seeking to update or change direct deposit credentials.
  • Monitor employee logins that occur outside normal business hours.
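Both of these controls can be expressed as rules over a payroll portal's audit log. The following is an added example, not code from the FBI alert, from MGO, or from any payroll product: it walks a list of constructed audit events, queues every direct deposit change for review, raises a stronger finding when the change happens within a day of the user's first login from that IP address, and flags logins outside business hours. The event format, field names, user names, IP addresses and the 07:00 to 19:00 weekday window are all assumptions chosen for the example.

```python
"""Review payroll-portal audit events for the two controls named in the alert.

Added example; the event schema and the sample records are constructed assumptions,
not any real payroll system's log format.
"""
from datetime import datetime, timedelta

# Constructed sample events. Timestamps are ISO-8601 local time; 2018-09-10 is a Monday.
# Account numbers are masked placeholders.
SAMPLE_EVENTS = [
    {"ts": "2018-09-05T09:00:00", "user": "asmith", "event": "login", "ip": "10.1.7.3"},
    {"ts": "2018-09-10T08:15:00", "user": "jdoe", "event": "login", "ip": "10.1.4.22"},
    {"ts": "2018-09-10T08:40:00", "user": "jdoe", "event": "view_paystub", "ip": "10.1.4.22"},
    {"ts": "2018-09-11T23:05:00", "user": "asmith", "event": "login", "ip": "203.0.113.77"},
    {"ts": "2018-09-11T23:09:00", "user": "asmith", "event": "bank_change", "ip": "203.0.113.77",
     "old_account": "****1234", "new_account": "****9876"},
    {"ts": "2018-09-12T10:00:00", "user": "asmith", "event": "login", "ip": "10.1.7.3"},
    {"ts": "2018-09-12T10:05:00", "user": "asmith", "event": "bank_change", "ip": "10.1.7.3",
     "old_account": "****9876", "new_account": "****1234"},
]

BUSINESS_START_HOUR = 7   # assumed business hours: 07:00-18:59, Monday to Friday
BUSINESS_END_HOUR = 19
NEW_IP_WINDOW = timedelta(hours=24)  # a change this soon after a first login from an IP is suspicious


def is_off_hours(ts):
    """True on weekends or outside business hours on weekdays."""
    return ts.weekday() >= 5 or not (BUSINESS_START_HOUR <= ts.hour < BUSINESS_END_HOUR)


def review_events(events):
    """Return findings as (timestamp, user, rule, detail) tuples.

    Rules:
      off_hours_login     - a login outside business hours
      bank_change         - every direct deposit change is queued for human review
      bank_change_new_ip  - the change came within NEW_IP_WINDOW of the user's first
                            login from that IP (or from an IP with no login at all)
    """
    findings = []
    first_seen = {}  # (user, ip) -> datetime of first login from that IP
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        user, ip, kind = ev["user"], ev.get("ip"), ev["event"]
        if kind == "login":
            first_seen.setdefault((user, ip), ts)
            if is_off_hours(ts):
                findings.append((ev["ts"], user, "off_hours_login", f"login from {ip}"))
        elif kind == "bank_change":
            detail = f"account {ev.get('old_account')} -> {ev.get('new_account')} from {ip}"
            findings.append((ev["ts"], user, "bank_change", detail))
            seen = first_seen.get((user, ip))
            if seen is None or ts - seen <= NEW_IP_WINDOW:
                findings.append((ev["ts"], user, "bank_change_new_ip", detail))
    return findings


if __name__ == "__main__":
    for ts, user, rule, detail in review_events(SAMPLE_EVENTS):
        print(f"{ts} {user:8} {rule:20} {detail}")
```

On the sample, the late-night login and the bank change a few minutes later from a never-before-seen address both fire, while the next morning's change from the user's usual office address is queued for ordinary review only. The review queue on every change is the point of the first bullet: a call-back to the employee on a known phone number before the next payroll run is what actually stops the diversion, and the log rules only decide which calls to make first.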

3rd Line of Defense: Internal Assurance (internal audit)

Obtaining independent and objective internal assurance of cybersecurity efforts is crucial in empowering your governing body and executive management to make informed decisions. It is essential to determine whether organizational cybersecurity goals and objectives are aligned with the overall direction of the government. An effective internal audit function will confirm that assumed risk is consistent with desired risk, and that the organization is complying with cybersecurity policies and procedures.
