The following is a true IT Horror Story based upon actual events and is distributed for educational purposes.

The Scenario:

Jennifer works in the Finance department of a services firm and is responsible for payroll and direct deposit.

The Scam:

One morning Jennifer received an email that appeared to come from an existing employee stating:

Hello Jennifer,

I have recently changed banks and like to have my direct deposit changed to my new account and effective with this coming payroll. If you are less busy can you help me update my bank details.let me know so I can send it to you.

Thanks,
John Davidson
Senior Vice President
ABC Company

The sending email address was spoofed and closely mimicked John’s legitimate company email.Jennifer fell for it and responded by asking John for updated routing and account info with a friendly reminder that the first check after the change would be live, so he’d have to swing by the office to pick it up.

Our friendly scammer responded quickly, and this time was even trickier. He thanked Jennifer, sent her the updated routing info for his scammer account, and kindly requested that she skip pre-note so that he can get his next paycheck deposited into the account. By using financial terminology, he appeared to be even more legitimate.

Jennifer responded enthusiastically that “I updated everything with NO PRENOTE, so your next check will go into that account! ????”.

The scammer received John’s paycheck at the next payroll and no one was the wiser until the real John complained that he didn’t get paid.

The Lesson:

This scam is 100% preventable by taking one simple step – make a phone call. In every scenario where money is to be sent, make a phone call to verify the requestor.EVERY SINGLE TIME. Jennifer should have looked up John’s phone number in her company records and called him to verify the change request.

Jennifer also missed some clues in the email that should have raised her suspicions. First, there are grammar errors in the email that are typical of scammers. For example, there would usually be a ‘would’ in the ‘and like to have’ sentence. The scammer also asks “if you are less busy” and the ‘l’ in let is not capitalized in the last sentence. These are small grammatical errors that could be made by the real John if he was in a hurry, but they should raise suspicions. Lastly, if Jennifer had paid attention to the headers and/or originating email address of John’s emails, she would have noticed that they came from an @aol.com email address. Employees typically do not request payroll changes from their personal email addresses.