{"id":2583,"date":"2019-05-16T13:54:10","date_gmt":"2019-05-16T18:54:10","guid":{"rendered":"http:\/\/www.ncultheaffiliate.com\/?p=2583"},"modified":"2020-11-19T14:49:45","modified_gmt":"2020-11-19T19:49:45","slug":"cmg-risk-alert-phishing-scam-targets-payroll-deposits","status":"publish","type":"post","link":"https:\/\/www.ncultheaffiliate.com\/?p=2583","title":{"rendered":"CMG RISK ALERT: PHISHING SCAM TARGETS PAYROLL DEPOSITS"},"content":{"rendered":"<p>Phishing scams are targeting credit union human resources or payroll departments using a form of the C-suite business email compromise. <!--more-->The scam uses a phishing email \u2013 appearing to be from the CEO or another executive-level employee &#8211; sent to staff who manage HR or payroll functions. The email requests changes to an employee\u2019s payroll direct deposit, which reroutes it to the fraudster\u2019s account.<\/p>\n<p>The IRS issued a warning about a phishing scam involving payroll direct deposits. Fraudsters are sending phishing emails posing as high-level credit union executives and requesting that payroll direct deposits be changed or rerouted to another financial institution. The scam is similar to the C-suite business email compromise, which increased 133% from 2017 to 2018 according to Beazley Breach Solutions.<\/p>\n<p>Since the scam involves payroll, employees are more likely to act on impulse and react immediately to avoid having any pay disrupted. In some cases, fraudsters have spoofed the executive\u2019s email. However, the fake emails have also been generated through free email services.<\/p>\n<p>This phishing scam can have a devastating impact on staff and credit unions. It is unlikely the credit union can recover the funds once the ACH payroll file has been processed, because fraudsters quickly withdraw the funds once they are deposited. 
Even though some transactions may be for low dollar amounts, the scam is cheap and easy to execute, leading experts to expect a steady increase in this method of phishing.<\/p>\n<p><strong>Mitigation Tips<br \/>\n<\/strong>Consider these risk mitigation tips:<\/p>\n<p>-Validate requests to change the destination of payroll direct deposits that are not made in person, for example by calling the individual making the request.<br \/>\n-Don\u2019t accept these requests from employees\u2019 personal email accounts.<br \/>\n-Use an [EXTERNAL] tag in the subject line of incoming emails sent from external email addresses.<br \/>\n-Watch for misspelled words or grammatical errors within emails \u2013 a common sign of a phishing email.<br \/>\n-Hover the cursor over the sender\u2019s email address to confirm the sender\u2019s actual email address. Inspect it for irregularities, which are a sign it could be spoofed.<br \/>\n-Require employees to complete an updated direct deposit authorization form.<br \/>\n-Require a secondary internal approval for payroll changes.<br \/>\n-Flag incoming emails that contain words such as \u201curgent\u201d or \u201cimmediate\u201d.<br \/>\n-Remove lists of employees, titles and email addresses from your credit union website, as these can help the fraudster learn the organizational structure.<\/p>\n<p><strong>Risk Prevention Resources<\/strong><br \/>\nAccess CUNA Mutual Group\u2019s\u00a0<a href=\"http:\/\/www.cunamutual.com\/prc\">Protection Resource Center<\/a>\u00a0at cunamutual.com for exclusive risk and compliance resources to assist with your loss control. 
The Protection Resource Center requires a User ID and password.<\/p>\n<p>-Checklist &#8211;\u00a0<a href=\"https:\/\/www.cunamutual.com\/-\/media\/cunamutual\/business-protection\/risk-management\/secure\/loss-prevention-library\/cyber-security\/rcs_phishingredflags.pdf?la=en\">An Employee\u2019s Guide to Phishing Emails<br \/>\n<\/a>-Risk Overview &#8211;\u00a0<a href=\"https:\/\/www.cunamutual.com\/-\/media\/cunamutual\/business-protection\/risk-management\/secure\/loss-prevention-library\/cyber-security\/rcs_risks-as-you-grow_socialeng.pdf?la=en\">The Rise of Social Engineering Fraud<br \/>\n<\/a>&#8211;<a href=\"https:\/\/www.cunamutual.com\/resource-library\/credit-union-protection\/emerging-risks-video-series\">Emerging Risks Video Series<br \/>\n<\/a>-On-Demand Webinar &#8211;\u00a0<a href=\"https:\/\/cmfgevent.webex.com\/ec3200\/eventcenter\/recording\/recordAction.do?siteurl=cmfgevent&amp;theAction=poprecord&amp;recordID=18252167&amp;internalRecordTicket=4832534b000000047dc5e11c190848683f98f87e2d461ff380481a9a621574d57bdf16e16eeb53f1\">Employees: A Gateway for Social Engineers<\/a><\/p>\n<p><img loading=\"lazy\" class=\"aligncenter size-full wp-image-1370\" src=\"http:\/\/www.ncultheaffiliate.com\/wp-content\/uploads\/2015\/02\/CUNA-Mutual-2.jpg\" alt=\"CUNA Mutual 2\" width=\"96\" height=\"42\" \/><\/p>\n  ","protected":false},"excerpt":{"rendered":"<p>Phishing scams are targeting credit union human resources or payroll departments using a form of the C-suite business email 
compromise.<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.ncultheaffiliate.com\/index.php?rest_route=\/wp\/v2\/posts\/2583"}],"collection":[{"href":"https:\/\/www.ncultheaffiliate.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ncultheaffiliate.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ncultheaffiliate.com\/index.php?rest_route=\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ncultheaffiliate.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2583"}],"version-history":[{"count":0,"href":"https:\/\/www.ncultheaffiliate.com\/index.php?rest_route=\/wp\/v2\/posts\/2583\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.ncultheaffiliate.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2583"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ncultheaffiliate.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2583"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ncultheaffiliate.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2583"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}