The same digital revolution that’s ushered in an era of business innovation has been as much of a boon for the enterprising criminal set. Moreover, organizations know that this revolution has a price tag — data breaches are now part of doing business.
Many organizations, of course, are getting better at protecting their corporate networks and their crown jewels, such as customer and employee databases. Hackers are no dummies either, though: they’re finding equally lucrative ways of targeting individuals directly, whether employees or customers. Either way, the organizations end up paying the price just the same.
One relatively new way to bilk organizations of money is a direct-deposit phishing scheme, aimed at employers that use self-service direct-deposit platforms. These are platforms that allow employees to manage their W-2 and payroll options, so the platforms contain personally identifiable information (PII) as well as direct-deposit banking data.
The education sector in particular has become a magnet for this scam. In one example, Atlanta Public Schools in Georgia reportedly ended up with more than $56,000 in payroll deposits stolen. The data of 6,000 district employees may also have been compromised, and the total cost to the district was estimated at $300,000.
Denver Public Schools in Colorado was another victim. At least 30 district employees reportedly clicked on a phishing email link, allowing scammers to change the routing numbers for their direct deposits. The theft totaled more than $40,000.
According to the FBI, the scam begins with a phishing campaign targeting individual employees. It’s a variation of sorts on the business email compromise (a.k.a. CEO fraud), in which malicious actors impersonate a trusted person or a person of authority to get the victim to perform a certain action.
In this case, the trusted authority is the human resources department or an HR vendor (Read more...)
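The scam pattern described above (employees phished, then their direct-deposit destination changed) leaves a recognizable trail in a payroll portal's audit log. The following added example, which is not part of the original post and assumes a hypothetical pipe-delimited log format with constructed sample lines, flags two signals a payroll or security team would want to alert on: several employees redirected to the same destination account within a short window, and a deposit change made shortly after a login from a device the employee has never used before.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log from a hypothetical self-service payroll portal.
# Assumed format: timestamp|event|user|source_ip|key=value;key=value
# Routing and account numbers below are placeholders, not real accounts.
SAMPLE_LOG = """\
2019-03-01T08:02:11|login|jsmith|203.0.113.7|new_device=1
2019-03-01T08:03:40|deposit_change|jsmith|203.0.113.7|routing=123456789;account=9988776655
2019-03-01T08:10:05|login|mlee|203.0.113.7|new_device=1
2019-03-01T08:11:52|deposit_change|mlee|203.0.113.7|routing=123456789;account=9988776655
2019-03-01T09:30:00|login|ajones|198.51.100.4|new_device=0
2019-03-01T09:45:00|deposit_change|ajones|198.51.100.4|routing=987654321;account=1122334455
"""

def parse_log(text):
    """Turn raw log lines into dicts with a parsed timestamp and the detail fields merged in."""
    events = []
    for line in text.strip().splitlines():
        ts, event, user, ip, details = line.split("|", 4)
        kv = dict(item.split("=", 1) for item in details.split(";") if item)
        events.append({"ts": datetime.fromisoformat(ts), "event": event,
                       "user": user, "ip": ip, **kv})
    return events

def find_suspicious_changes(events, shared_window=timedelta(hours=24),
                            min_shared_users=2, login_grace=timedelta(minutes=30)):
    """Return {user: set(reasons)} for deposit changes matching the payroll-diversion pattern."""
    flags = defaultdict(set)
    changes = [e for e in events if e["event"] == "deposit_change"]
    # Rule 1: multiple distinct employees pointed at the same routing+account within the window.
    by_dest = defaultdict(list)
    for c in changes:
        by_dest[(c["routing"], c["account"])].append(c)
    for group in by_dest.values():
        for c in group:
            nearby_users = {g["user"] for g in group
                            if abs(g["ts"] - c["ts"]) <= shared_window}
            if len(nearby_users) >= min_shared_users:
                flags[c["user"]].add("shared_destination")
    # Rule 2: deposit change shortly after a login flagged as coming from a never-seen device.
    new_device_logins = [e for e in events
                         if e["event"] == "login" and e.get("new_device") == "1"]
    for c in changes:
        for login in new_device_logins:
            if login["user"] == c["user"] and timedelta(0) <= c["ts"] - login["ts"] <= login_grace:
                flags[c["user"]].add("change_after_new_device_login")
    return dict(flags)
```

On the constructed log, jsmith and mlee trip both rules while ajones (a known device, a unique destination) is not flagged; in practice the alert should hold the change for out-of-band confirmation with the employee before the next payroll run.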
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Rodika Tollefson. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/v6U3WU8dq6A/