We have been alerted to a scam targeting payroll and administration staff. This is how the scam happens:
After capturing the name of a legitimate staff member, the scammer sends an email in the staff member’s name to the workplace. Titled “New Banking Details” or similar, this email requests an update to the staff member’s banking details before the next payroll.
In the case we were alerted to, the ruse was discovered when the quick-thinking payroll officer opted to call and verify the request with the victim. Warning signs included the actual sending address was a gmail mailbox and the “To” field included both real and non-existent addresses that the scammer guessed at.
This was a form of ‘payment redirection scam’. If the scammer had been successful, the victim’s next wage payment would have been stolen.
Ensure your team is aware of this kind of targeted scam and devise your own verification practices. Consider a ‘staff authorised contact list’ which has staff phone and email. Then if you get any similar requests, you can more easily identify if it’s legitimate or not.
The Australian Cyber Security Centre has a lot of great resources to assist you to Recognise and report scams | Cyber.gov.au.
Or head to our Tip – Where to start with cyber security literacy – Kindergarten IT Program.
As always, if you receive an email you’re ever unsure about, our trained staff are always happy to advise on the legitimacy of any you’d like us to check.