We’re hearing about a bold new scam in the US, but it’s bound to come to our shores soon. It’s probably more likely to be effective in larger businesses or ones with an outsourced payroll.
Essentially, the scammers try to intercept staff salary/wage payments and redirect it to their accounts.
They do this through two avenues.
1) They pretend to be the staff member, and send an email to the HR / payroll people asking for their bank details to be updated. Sometimes Payroll might direct them to an online portal where they would normally self-manage this, but of course your cyber-criminal doesn’t know the credentials for that. In that case, they wait a few days, get back in touch and claim it didn’t work and ask Payroll to manually make the change because they have rent/mortgage/loan payments (anything to make it seem urgent).
2) They send a phishing email to the employee, pretending to be HR, that’s designed to scam the employee into providing these key details.
I suspect almost everyone in NZ is paid online through an automatic payment system. That means virtually everyone is a potential victim.
We need to be constantly vigilant against these crooks!