As fraud attempts grow more sophisticated, businesses must stay vigilant to protect sensitive information and prevent financial losses. Recently, our organization experienced an attempted fraud involving a direct deposit request, where a fraudulent email targeted our payroll system by impersonating a senior executive.
In this case, an email was sent to our owner, pretending to be from another executive, requesting a change to their direct deposit account. The fraudulent request sought to switch the deposit from the executive’s current bank to an account at Green Dot Bank. If not detected, the attack could have resulted in salary payments being redirected and sensitive data compromised.
Several red flags were identified, which helped our team detect the fraudulent nature of the request:
- Forged Signature: The email included a forged signature that attempted to imitate the executive.
- Voided Check: To make the request seem legitimate, the fraudsters attached a voided check from Green Dot Bank, mimicking the standard procedure for direct deposit updates.
- Claims of Sensitive Information: The attackers claimed to have access to additional sensitive information, further enhancing the appearance of legitimacy.
- Matching Tone and Mannerism: The tone and style of the email closely matched the executive’s typical communication, making the message more convincing.
Below is the check presented with the Direct Deposit form requesting that the funds be deposited into account 799201957315 from Green Dot Bank account 124303120. The email received was masked with the executive’s name, but when reviewing more carefully, the true email source was UFY7203@gmail.com.
How to Protect Yourself and Your Organization
To safeguard both personal and organizational information, consider the following precautions:
- Verify the Sender’s Identity: Always verify the identity of the person making financial or sensitive requests. Reach out directly via a trusted channel—such as a phone call or face-to-face confirmation—to ensure the request is legitimate. Never rely solely on email for verifying sensitive information.
- Avoid Clicking on Suspicious Links: Be cautious about clicking on links in emails, especially if the email seems even slightly suspicious. Hover over links to see the actual URL and check for inconsistencies.
- Do Not Open Attachments from Untrusted Sources: Never open attachments unless you are certain the sender is legitimate and trustworthy. Fraudsters often use attachments as a method to deploy malware or gather sensitive data.
- Inspect Documentation Carefully: Just because documentation, like a voided check, appears to be authentic, doesn’t mean it should be trusted without verification. Cross-check any documents with known, reliable sources.
- Training and Awareness: Ensure that all team members are trained to recognize phishing attempts and fraud tactics. The more personalized and convincing these attacks become, the more critical it is to educate staff on identifying subtle signs of fraud.
- Multi-Layered Security: Use multi-factor authentication and secondary verification processes for sensitive changes, such as payroll updates or vendor payments, to add an extra layer of protection.
Conclusion
The recent fraud attempt targeting our organization is a strong reminder that cybercriminals are constantly refining their tactics to exploit even trusted communication channels. Protecting both your personal information and our organization requires vigilance, careful verification, and attention to detail. By following these best practices and reporting suspicious activities, we can reduce the risk of fraudulent activities and protect our operations.
If you receive any suspicious emails or requests, please notify our security team immediately.
Below is a list of resources, categorized by country, that you can use to help protect yourself and report fraud:
United States:
- Federal Trade Commission (FTC)
- Website: https://reportfraud.ftc.gov
- Purpose: Report various types of fraud, including identity theft, online scams, and financial fraud.
- FBI Internet Crime Complaint Center (IC3)
- Website: https://www.ic3.gov
- Purpose: Report cybercrime, including internet fraud, hacking, and phishing.
- U.S. Securities and Exchange Commission (SEC)
- Website: https://www.sec.gov/tcr
- Purpose: Report securities fraud, insider trading, and investment scams.
- Better Business Bureau (BBB)
- Website: https://www.bbb.org/scamtracker
- Purpose: Report scams or bad business practices.
- U.S. Postal Inspection Service (USPIS)
- Website: https://www.uspis.gov/report
- Purpose: Report mail fraud and identity theft involving the U.S. postal system.
- USA Government
- Website: https://www.usa.gov/where-report-scams#:~:text=Scams%20happen%20online,%20by%20mail,%20phone
- Purpose: Additional resources in addition to a questionnaire that can help you identify where to best report fraud.
Canada:
- Canadian Anti-Fraud Centre (CAFC)
- Website: https://www.antifraudcentre-centreantifraude.ca
- Purpose: Report mass marketing fraud, identity theft, and scams.
- Competition Bureau Canada
- Website: https://www.competitionbureau.gc.ca/eic/site/cb-bc.nsf/eng/h_00122.html
- Purpose: Report misleading advertising, price fixing, and other competition-related fraud.
United Kingdom:
- Action Fraud (National Fraud and Cyber Crime Reporting Centre)
- Website: https://www.actionfraud.police.uk
- Purpose: Report fraud and cybercrime, including phishing, financial scams, and identity theft.
- Financial Conduct Authority (FCA)
- Website: https://www.fca.org.uk/consumers/report-scam-unauthorised-firm
- Purpose: Report investment fraud, financial scams, and unauthorized financial services.
Australia:
- Scamwatch (Australian Competition and Consumer Commission)
- Website: https://www.scamwatch.gov.au
- Purpose: Report scams, including phishing, investment fraud, and identity theft.
- Australian Cyber Security Centre (ACSC)
- Website: https://www.cyber.gov.au/acsc/report
- Purpose: Report cybercrime, including hacking, fraud, and other internet-based scams.
European Union:
- European Consumer Centre (ECC)
- Website: https://www.eccnet.eu
- Purpose: Report cross-border consumer fraud, e-commerce fraud, and misleading business practices in the EU.
- Europol (European Union Agency for Law Enforcement Cooperation)
- Website: https://www.europol.europa.eu/report-a-crime/report-cybercrime-online
- Purpose: Report international and cross-border fraud, including cybercrime and fraud related to organized crime.
India:
- Cyber Crime Reporting Portal (Government of India)
- Website: https://www.cybercrime.gov.in/
- Purpose: Report cybercrime, including financial fraud, online scams, and phishing.
- Reserve Bank of India (RBI)
- Website: https://www.rbi.org.in/Scripts/Complaints.aspx
- Purpose: Report banking fraud, unauthorized transactions, and financial scams.
New Zealand:
- Netsafe
- Website: https://www.netsafe.org.nz/report
- Purpose: Report cybercrime, including online scams, phishing, and fraudulent emails.
- Financial Markets Authority (FMA)
- Website: https://www.fma.govt.nz/scams/report-a-scam/
- Purpose: Report investment fraud and financial scams.
South Africa:
- South African Fraud Prevention Service (SAFPS)
- Website: https://www.safps.org.za
- Purpose: Report identity theft, financial fraud, and related scams.
- South African Police Service (SAPS)
- Website: www.saps.gov.za/services/report_crime.php
- Purpose: Report cybercrime, financial scams, and fraud.
Global Resources:
- International Consumer Protection and Enforcement Network (ICPEN)
- Website: https://www.econsumer.gov
- Purpose: Report cross-border e-commerce fraud and scams.
- USA Federal Trade Commission
- Website: https://www.ftc.gov/media/70962
- Purpose: Report international scams or cross-border fraud.
These websites are valuable resources for reporting various types of fraud, ensuring that we can all act when encountering fraudulent activities.
