We continue to get the following email or different versions sent to our payroll department purportedly from a current or former employees:
Please Amend my Payroll Information
From: Employee (Dimetry) oshjhlkjjh5@gmail.com
To: Payroll
Hello good day,
I have recently had problem with my current bank, can you update my payroll direct deposit information?
Previous account on record will be inactivate a few days before next pay day, sorry for the inconvenience, thank you so much.
As with many of you, L Squared continues to work in a hybrid office/remote work mode. It is likely that we will not have face-to-face contact with every employee daily. Just like when paying vendors, if you receive a request to change an electronic funds transfer verify using a secure means of communication other than an email request that was sent. Fortunately for L Squared internally we use Microsoft Teams to communicate internally with employees. So it was quite easy to confirm that the email was fake. Phone calls to a number not known to the potential scammer would be another good method to verify that the email is fake.
Another favorite trick is to send “secure” emails requiring you to open with your password from current or prospective clients. The client’s email may have been compromised and the Cyber Criminal is monitoring the client’s communication. Even sending an email to another known account at the firm may still get you a bogus response. A common trick is to place a sense of urgency and get you to act fast. Any time you are notified of a change in electronic payment instructions a phone call to a known predetermined number is warranted.
As with you we receive fraudulent emails daily, one slip by a staff member could cost thousands of dollars. Two-factor authentication is just the beginning of security measures along with other cyber security training, awareness, and procedures. A properly endorsed Cyber Insurance policy is a must.
Lee Norcross, MBA, CPCU, CPIA
Managing Director, CEO
(616) 940-1101 Ext. 7080