The importance of paying attention and being proactive against social engineering & hackers.
A business owner reached out to us to let us know that he was recently a victim of a scam. Here is his story.
He hired a new team member recently and he got an email from the new hire, asking to change their direct deposit info. He communicated back and forth via email with the new hire and eventually changed the info.
On payday, the employee reached out to say that he never got paid. After discussing what happened, it turns out the email request, and subsequent emails had come from a spoofed email account Needless to say, that payment money is long gone by the criminals and the client had to issue a new payment to the real employee.
How do prevent this from happening?
- Obtain confirmation via a secondary medium, like telephone call or text when handling important money related requests.
- Visually inspect the email address to make sure it is accurate and not just the correct name
(John Smith <johnsmith@randomemailaccount.com> vs John Smith <johnsmith@propercompany.com>) - If you do detect an issue with the sender, you can contact the back and put them on alert that the bank account being changed to is a fraudulent actor.
How did this happen in the first place?
We don’t know with certainty, but based on all the information, an announcement had gone out on social media, welcoming the new team member. The malicious actor saw this and announcement and created a fake email address with that person’s name. They then got the manager, from the website (or sender of the announcement) and emailed them with the payroll change request.
This was more of a Social Engineering hack than an actual compromise in security. Nonetheless, it ended in a an expensive lesson for the client.
We like to take this opportunity to share this story to prevent future victims. If you have any questions, please reach out to our support team.
No responses yet