There is a new Direct Deposit phishing attack you need to watch out for. It's a sophisticated scam that starts with an official-looking email asking you to click a link and access a website. Next, the site asks you to confirm the data with your real username and password. Last, the scammers use your info to access payroll portals and reroute your direct deposit amounts to bank accounts owned by the bad guys. The lesson here is to never give anyone your credentials in response to an email. Think Before You Click!
Employers may want to immediately take the following precautions to avoid security breaches as a result of these phishing scams:
• Alert your workforce to this scam.
• Direct employees to forward any suspicious requests to the information technology or human resources departments, rather than replying to the e-mail.
• Instruct employees to refrain from supplying log-in credentials or personally identifying information in response to any e-mail.
• Ensure that log-in credentials used for payroll purposes differ from those used for other purposes, such as employee surveys.
• Enforce (or, where necessary, establish) multifactor authentication requirements.
• Review and update the physical, technical and personnel-related measures taken to protect your sensitive information and data.

Resource: https://www.lexology.com/library/detail.aspx?g=75685deb-06fc-4e47-a696-44843104f866