All posts in Cyber Security

05 Feb 2019

IT Horror Stories: Direct Deposit Redirect


The following is a true IT Horror Story based upon actual events and is distributed for educational purposes.

The Scenario:

Jennifer works in the Finance department of a services firm and is responsible for payroll and direct deposit.

The Scam:

One morning Jennifer received an email that appeared to come from an existing employee stating:

Hello Jennifer,

I have recently changed banks and like to have my direct deposit changed to my new account and effective with this coming payroll.  If you are less busy can you help me update my bank details.  let me know so I can send it to you.


John Davidson

Senior Vice President

ABC Company

The sending email address was spoofed and closely mimicked John’s legitimate company email.  Jennifer fell for it and responded by asking John for updated routing and account info with a friendly reminder that the first check after the change would be live, so he’d have to swing by the office to pick it up.

Our friendly scammer responded quickly, and this time was even trickier.  He thanked Jennifer, sent her the updated routing info for his scammer account, and kindly requested that she skip pre-note so that he can get his next paycheck deposited into the account.  By using financial terminology, he appeared to be even more legitimate.

Jennifer responded enthusiastically that “I updated everything with NO PRENOTE, so your next check will go into that account! 😊”.

The scammer received John’s paycheck at the next payroll and no one was the wiser until the real John complained that he didn’t get paid.

The Lesson:

This scam is 100% preventable by taking one simple step – make a phone call.  In every scenario where money is to be sent, make a phone call to verify the requestor.  EVERY SINGLE TIME.  Jennifer should have looked up John’s phone number in her company records and called him to verify the change request.

Jennifer also missed some clues in the email that should have raised her suspicions.  First, there are grammar errors in the email that are typical of scammers.  For example, there would usually be a ‘would’ in the ‘and like to have’ sentence.  The scammer also asks “if you are less busy” and the ‘l’ in let is not capitalized in the last sentence.  These are small grammatical errors that could be made by the real John if he was in a hurry, but they should raise suspicions.  Lastly, if Jennifer had paid attention to the headers and/or originating email address of John’s emails, she would have noticed that they came from an email address.  Employees typically do not request payroll changes from their personal email addresses.

15 Nov 2017

Security Alert: Fraudulent Phishing Emails with PDF Attachment

We’ve seen an influx of fraudulent phishing “please review” emails this week coming to our own staff so it serves as a good reminder to inform you of these threats that masquerade as legitimate emails.

The emails we are seeing are written so that they appear to come from a person at a legitimate company and contain a PDF attachment asking you to review important information such as invoices or other “important information.”  The emails are sent from individuals who have fallen for the trick and have had their email address compromised.  One of the messages we received from was from a local company in Mukilteo.  This may have been caused by the person falling for the phishing attack and providing their username/password, a weak password, insecure servers or poor malware protection.  They may specifically target people in the compromised account’s contact list as they may be expecting to hear from that person and are more likely to fall for the request.  Here’s an example of the text in one of these emails:


Please review the below FirstName LastName (CompanyName) 11/15/2017 Official Documents

Kindly, click open file using supportive web browser. Document is securely send using PDF scanner. Feel free to contact me if you have any questions.

Note: Open Attached PDF and preview with Existing ID

Upon opening the PDF attachment, it contains a link to “Click Here” or “Sign In” to “unlock the document” or “view the invoice” and you are encouraged to ignore any security warnings and to sign in with your “existing email ID”.  This particular threat does not contain malicious malware within the attachment and preys upon the weakest link in the security chain – the user providing their information of their own free will.  Remember that hackers frequently use social engineering techniques to manipulate users and obtain sensitive data.  If you feel tricked, trust your instincts and don’t do what they’re asking of you.

So what happens if you click on the link?  Possibly nothing in this case, although it’s better not to do so.  So long as you exited the web page and didn’t provide any sensitive information you likely thwarted the threat.  If you did provide your information, you should immediately change your password on your account and any others that use the same credentials.  Contact us ASAP and we can assist with this.  Many phishing sites do contain payloads which attempt to load malicious files onto your PC without your consent so the best course of action is to not take any chances and immediately delete any non-legitimate emails and not to click on any links.

To prevent the success of phishing techniques you should always be leery of emails that are impersonal, from people you don’t know, or do not address you by name.  One trick is to mouse over a link to see where it will take you before you click on it.  Links can sometimes be shortened with bitly URL shorteners so this doesn’t always help but if you don’t recognize where the link is taking you, treat it as suspicious.

10 Dec 2015

Online Security – How Can I Stay Safe?

cyber security

You are sitting at a neighborhood bistro waiting on a friend. They are running late, and so you decide to take advantage of the free Wi-Fi and surf the net on your phone. As you scroll through your emails, you remember you need to pay some bills online and figure now is a perfect time. You log on to your bank and proceed to transfer those funds.

Sound like a familiar scenario? Many people do it every day. While it is a part of daily life, we need to be cautious and know the risks, or you could find your information stolen and vulnerable. How can we protect ourselves, and what can we do to keep our personal information safe?

It is important to make sure you are hooking up to a network that is secure. Their network can be configured to track data going out and being received. Public connections are often unsecured and leave your machine open to outsiders. Be cautious when using free Wi-Fi.

When shopping online, make sure you stick with reputable sites that you know to be legit, such as Amazon or Nordstrom. To ensure that you are on a secure, encrypted part of the webpage, make sure that during checkout you divert your attention to the top of your browser. There should be a padlock symbol or the abbreviation ‘https’ in the address bar at the top of your browser when finalizing your purchases. As always, monitor your banking statements for fraudulent or suspicious activity.

Make sure that you do not click on anything where the source seems suspicious. If a window pops up, do not click on it, and immediately close it. If you received an email from an unknown source, do not follow any links within it.

Another issue to touch on to keep your information safe is password security and keeping your machines locked. When selecting a password, it is better to be complex. They should contain a mix of uppercase and lowercase letters, as well as numbers and symbols. They should be different for each site.  Finally, lock your machine up when it is not in use. This includes laptops, desktops, tablets and phones. A pin or password is ideal, as it is your first line of defense against someone trying to steal information.

close slider

Contact Form

  • This field is for validation purposes and should be left unchanged.