Last week the FBI issued an alert warning organizations that cybercriminals are actively using phishing emails to steal consumer log-in credentials for their online payroll accounts. At Proofpoint, we’ve seen this type of attack for a few years now, and unfortunately, all it takes is one credential phishing email to compromise an employee login. Once inside, that attacker can do significant damage, like requesting paychecks be rerouted to a new bank account or prepaid debit card the cybercriminal controls.
As organizations migrate from legacy HR systems to new cloud-based alternatives, cybercriminals can leverage a stolen credential to impersonate an employee without ever compromising the corporate network. Below are best practice recommendations for employees and organizations to help thwart payroll attacks.
What should companies do to protect their employees?
It’s the classic people, process, and technology equation:
- People – Train your staff to recognize and report credential phishing emails
- Process – Financial teams need to implement out-of-band validation processes for things like employees and suppliers changing bank accounts
- Technology – Implement multi-layered security strategy to shut down common attack vectors
What should employees do to protect themselves?
- Check your payroll account and confirm your details are accurate
- Check your bank account and confirm your paycheck is being delivered on a consistent basis
- Do not click on links within payroll emails. Instead visit the official website directly to access your information
- Enable multifactor authentication on your payroll portal if your vendor supports it
- If you suspect you may have clicked on a payroll-themed or other phishing email, contact your employer’s IT security team
- Forward the suspicious email to your internal spam/phishing/abuse alias
Email phishing attacks will continue to inundate businesses because the attacks are cheap, easy, and can result in significant criminal payouts. This recent FBI alert is further evidence that the cybersecurity threat environment has shifted: people are the targets, not your network. For more information on how cyberattacks are targeting people, not just technology, please review our Human Factor 2018 report: https://www.proofpoint.com/us/human-factor-2018