The Australian Cyber Security Centre (ACSC) has called on payroll officers to be alert to a new online fraud based on fake emails requesting a change of bank details for employees.
The ACSC said it was aware that the fraudulent emails had been received by organisations across Australia.
“These emails spoof the emails and signature blocks of staff, and are sent to HR or payroll areas appearing to ask for a change in bank account details for the current or next pay,” the ACSC said.
“Workers often become targets while on holiday, when their Facebook or Instagram updates reveal they are away for an extended period of time.”
It gave the example of a payroll officer who received an email requesting a change of an employee’s bank details. The email stated: ‘I’d like to change my direct deposit info, can it be effective for the current pay date?’
Not thinking it was suspicious, the payroll officer emailed a reply. A second email, again appearing to come from the worker, was then sent with the fraudulent bank details.
It said: ‘Kindly find my new direct deposit information. Let me know as soon as this is updated and also kindly confirm exact amount of any changes for my reference’.
“The payroll officer changed the details and notified the worker by internal email. The worker immediately notified IT and payroll that this was not authorised. The payroll officer removed the bank details and luckily no payment was made,” the ACSC said.
“If you are a payroll officer and you receive a ‘Subject – Payroll’ or ‘Subject – Urgent Payroll Request’ email, stop and think,” the Security Centre warned.