Author Topic: Email Hacked, Employer Gave my Paycheck to Strangers  (Read 5402 times)

0 Members and 1 Guest are viewing this topic.

JimmyJamesKY

  • Board Supporter
  • SKS Guru
  • *****
  • Posts: 3842
  • Sign says long-haired freaky people may now apply.
Email Hacked, Employer Gave my Paycheck to Strangers
« on: April 02, 2022, 06:01:04 PM »
The wife checked the balance this morning to see how much was in there after my check went in.  Well, the account was about $1200 light, so I went to the bank to get a record of transactions, and discovered that my direct deposit did not go in.

I called the office manager to let her know there was a problem with my DD and to please take care of it Monday morning so I can pay the mortgage.  Well, she texted back telling that she talked to HR and they sent the direct deposit to the new account as per my email.  I asked her what she was talking about, and she sent me a screenshot of the email.  It was written in bad English with no punctuation requesting that they "kindly update my new bank account details on the system with immediate effect" and "please let me know when this happens immediately",  gave a new account and routing number.

This is actually copied and pasted from the email:
"I am writing this to change my payroll bank details that you have on the system . I have closed my bank account that you have on the system, Attached you will see my new bank account Void check

Kindly update my new bank account details on the system with immediate effect and process my next payroll payment to my new bank details listed below :"

They have known me for 8 years now, and the email doesn't even sound like me. It had verbs capitalized, no periods at the end of the sentences, used the phrase "on the system" three times in the same paragraph, and was signed twice, as in:

Thank you,
Jimmy James

Jimmy James
Job Title
Place of Employment.

The payroll person said "to be honest I didn't even read it, when the title said Direct Deposit change I just forwarded to HR, because they handle that."  Since HR received it from the payroll clerk, they just assumed it was legit, and changed my direct deposits for my pay to go from my local bank to "Meta Bank."

They said they thought it was legit because when they said they would do it, the person replied "Thank you!" :roll:

I understand that it was from my email address, but the bad English, request for urgency, and that it was being changed from a local bank to "Meta Bank" should have been major red flags, on top of the fact that any changes in my payroll status should be signed in ink by me, and not done because they received an email.

I'm sure they will make it right because the dropped the ball in so many ways, but I've spent the day changing passwords, deleting cards from Paypal and signing up for Identity Guard because my utilities and credit cards are set up through the company email, and there's no telling what they got into with a week of roaming around in my company email.

I am so pissed that they changed my direct deposit on an email without so much as a phone call to me to verify. I know they will make it right because they can't change my DD without my signature, but I'm pissed anyway because they didn't give my security a second thought. :x

"Please and kindly be sending all of Jimmy's rubles to following address so he may Spend them on Decadent items of capitalist dogs very much i Am thanking you!" :banghead:
Good friends will lend a hand, great friends will grab a leg....

LESchwartz

  • Global Moderator
  • SKS Guru
  • *****
  • Posts: 6941
  • Software Geek in Sunny Minnesota
    • SKS FAQ
Re: Email Hacked, Employer Gave my Paycheck to Strangers
« Reply #1 on: April 02, 2022, 07:10:47 PM »
Keep in mind that they wouldn't even need to hack your email account:  email works just like regular snail mail:  They can put any return address on email they want, just like you can put any return address you want on a letter before you drop it in a mailbox.  The difference is that with email the "displayed" email address and the actual "reply to address" can be different.

I'm thinking your employer got scammed.  You probably aren't the only one of their "employees" that they got an email from.  It's likely their HR system got hacked and the hackers made off with a bunch of employee information.  If so, it's their problem, make them fix it.  FYI:  My employer requires a signed paper form for direct deposit changes.

On the other hand you may have personally been the victim of identity theft.  Time to update the antivirus on all your devices and start changing passwords.  (If you don't already do it, it would be a good idea to use different passwords on different systems as well.)  Also start credit monitoring, even if it costs a couple bucks to do it.

Larry
"The whole problem with the world is that fools and fanatics are always so certain of themselves, and wiser people so full of doubts."--Bertrand Russell

For more information see my SKS FAQ:  https://victorinc.com/SKS-FAQ.html

Filroy77

  • Board Supporter
  • SKS Guru
  • *****
  • Posts: 5597
  • Power to the People!
    • Baby Lives Matter
Re: Email Hacked, Employer Gave my Paycheck to Strangers
« Reply #2 on: April 02, 2022, 08:28:48 PM »
This totally bites. So sorry this has happened to you. My favorite new saying is “There’s no shortage of assholes”.

I got free identity protection after the gov. was hacked about 10 years ago. Fortunately I was never a victim from the info purge.

Had to have a new debit card twice within a couple of months last year after I discovered fraudulent charges when I checked my account via the app. They made it right both times but it’s a hassle to reset  everything that’s direct payment thru it.

Truly I wish these people were caught and punished but it seems they just get away with this stuff over and over. Lawlessness is ever increasing as we move forward.

I hope it all works out for you and these bast….s develop some kind of incurable rot.
How can these people say such lies? Because lying is not an issue when truth is not a value. Dennis Prager

Blessed is the nation whose God is the LORD

Our Constitution was made only for a moral and religious people. It is wholly inadequate to the government of any other.

LESchwartz

  • Global Moderator
  • SKS Guru
  • *****
  • Posts: 6941
  • Software Geek in Sunny Minnesota
    • SKS FAQ
Re: Email Hacked, Employer Gave my Paycheck to Strangers
« Reply #3 on: April 02, 2022, 08:46:22 PM »
Truly I wish these people were caught and punished but it seems they just get away with this stuff over and over. Lawlessness is ever increasing as we move forward.

Law enforcement is really not equipped to handle this sort of thing.  What's might be needed is something like a "bail bondsman" . . . allow properly regulated private concerns to hunt down these folks and get a "reward" or "finders fee" for outing them to law enforcement.  Of course a lot of this sort of thing is international, so such a system would only get the small stateside fish.

Larry
« Last Edit: April 02, 2022, 08:56:57 PM by LESchwartz »
"The whole problem with the world is that fools and fanatics are always so certain of themselves, and wiser people so full of doubts."--Bertrand Russell

For more information see my SKS FAQ:  https://victorinc.com/SKS-FAQ.html

Filroy77

  • Board Supporter
  • SKS Guru
  • *****
  • Posts: 5597
  • Power to the People!
    • Baby Lives Matter
Re: Email Hacked, Employer Gave my Paycheck to Strangers
« Reply #4 on: April 02, 2022, 09:02:11 PM »
Truly I wish these people were caught and punished but it seems they just get away with this stuff over and over. Lawlessness is ever increasing as we move forward.

Law enforcement is really not equipped to handle this sort of thing.  What's might be needed is something like a "bail bondsman" . . . allow properly regulated private concerns to hunt down these folks and get a "reward" or "finders fee" for outing them to law enforcement.  Of course a lot of this sort of thing is international, so such a system would only get the small stateside fish.

Larry

 A cyber division of sorts sounds appropriate but in this defund the po-lice climate, good luck eh.
How can these people say such lies? Because lying is not an issue when truth is not a value. Dennis Prager

Blessed is the nation whose God is the LORD

Our Constitution was made only for a moral and religious people. It is wholly inadequate to the government of any other.

JimmyJamesKY

  • Board Supporter
  • SKS Guru
  • *****
  • Posts: 3842
  • Sign says long-haired freaky people may now apply.
Re: Email Hacked, Employer Gave my Paycheck to Strangers
« Reply #5 on: April 02, 2022, 09:30:24 PM »
I don't really blame my employer, I think they are victims of the hack as well. They thought it was me, but they shouldn't have changed my DD without something in writing.  They will likely absorb the loss and pay me, it was there bad for the lack of due diligence of verifying it was me before changing my payroll information.  They sent out a company wide password reset today.

 I took some immediate steps, and changed the password to cc's, removed all the cards from PayPal.  I withdrew the cash from my checking account except for a small amount until I can start a new checking account with a different number.  Most of what they would have access to via email is replying to bills, and when you go to the bill page it won't give up your account info until you sign in, but if they could get past that, they may be able to get to routing and account numbers.

The scam was to set up a fly by night bank account through "Meta Bank" convince my employer to DD my paycheck there, withdraw it or convert to bitcoin or whatever.  You'd think that Law Enforcement would check into who started bank accout #xxx  with routing #xxx but it cost them more to investigate than they got away with. 

It's likely that they just got away with a paycheck, but I subscribed to a credit monitoring service and put a freeze on Experian and Equifax credit reporting.  I don't know how much of my personal information they've got.  My concern is them taking out lines of credit or loans in my name.  They may already have an account in my name with Meta Bank, but you just get a robot when you call them. 

They did their homework to know who to send a request for payroll change, or close enough.  They sent it to the Accountant, but it goes through HR first, so she just forwarded without reading it.  HR, seeing it was from Accounting probably thought it was all good and changed it.  One of them should have ran it by me though, I'm sure they will get it in writing from now on.  I'm sure they were supposed to have this time, it's pretty obvious when you read the email, but hindsight is 20/20.
Good friends will lend a hand, great friends will grab a leg....

Rocketvapor

  • Board Supporter
  • SKS Guru
  • *****
  • Posts: 15076
  • awarded title of SIR ARSE
Re: Email Hacked, Employer Gave my Paycheck to Strangers
« Reply #6 on: April 03, 2022, 04:30:28 AM »
"Please and kindly be sending all of Jimmy's rubles to following address so he may Spend them on Decadent items of capitalist dogs very much i Am thanking you!"

I love that you can see some humor in this :)

The changes and protections you added to your banking information are good but wouldn't have prevented this type of fraud. 
Neither would password changes, even though a good thing to do.
Your employer (agents of) responded to a phishing email just before the checks were processed with an URGENT request.
Didn't require any Email account hacking.  Doesn't look like a SIGN IN was required to trick your employer.
Grammar and punctuation might be something to look for but most do not check.  Besides, what they wrote seemed pretty 'Murican to me :)
The body of the email, which is the only thing most look at did not have the info to verify the source.  It's a classic case of click on everything before verifying.   
Your company sent a reply into the cloud and the hacker replied.  No real personal info was required to complete the scam except a fake SSN to start the ball rolling at the new bank.  The only info they had access to was Employment related.  Could have been an INSIDE JOB.
Have HR secure the original complete email.

This type of employment info should be behind a firewall on a 2-step verification. They should have required you to change your banking info on your "Personal Info" page. 
Work with your employer to help them improve security of their records.
You probably won't be able to access the MetaBank account unless you know your First Pet and First Car, and First Name of your first sexual partner :)
But contact them anyway. See what info they have and if you can close/freeze the account.
You NEED to know if they have your REAL SSN.   Income tax refunds can be processed with a Meta Bank Debit Card.
It's sort of First Come, First Served.

Defund the police has nothing to do with this.  Unless "YOU" write a BAD CHECK on that NEW account.

I'm sure you will come out of this with your money. 
« Last Edit: April 03, 2022, 05:42:54 AM by Rocketvapor »
Well I guess my new **** stirrin paddle don't work . I got a like . WTF 😈

Flo just received her EXPERT Mid range card from the NRA.

https://www.yahoo.com/news/famed-ex-uss-john-f-003916449.html

Danjal

  • Four touchdowns, one game.
  • Global Moderator
  • SKS Guru
  • *****
  • Posts: 26275
  • Who I am /\. Things I say >
Re: Email Hacked, Employer Gave my Paycheck to Strangers
« Reply #7 on: April 03, 2022, 05:41:15 AM »
Keep in mind that they wouldn't even need to hack your email account:  email works just like regular snail mail:  They can put any return address on email they want, just like you can put any return address you want on a letter before you drop it in a mailbox.  The difference is that with email the "displayed" email address and the actual "reply to address" can be different.

I'm thinking your employer got scammed.  You probably aren't the only one of their "employees" that they got an email from.  It's likely their HR system got hacked and the hackers made off with a bunch of employee information.  If so, it's their problem, make them fix it.  FYI:  My employer requires a signed paper form for direct deposit changes.

On the other hand you may have personally been the victim of identity theft.  Time to update the antivirus on all your devices and start changing passwords.  (If you don't already do it, it would be a good idea to use different passwords on different systems as well.)  Also start credit monitoring, even if it costs a couple bucks to do it.

Larry

This or social media was hacked. A lot of hackers will make ghost emails using info the company puts on their page.

The fact the hacker replied means your account is either compromised or they sent it to the wrong address. IE a return address for the hacker. Either way I'd let someone higher know they both ****ed up and lost the company money. This is beyond lazy and they're involved in top positions.
Nothing makes me feel quite like a man than beating on a midget. -Thed

Stupid hurts, sometimes it's fatal. - Ranger1968

thresher_593

  • SKS Guru
  • **
  • Posts: 7557
Re: Email Hacked, Employer Gave my Paycheck to Strangers
« Reply #8 on: April 03, 2022, 08:53:36 AM »
Knowing how loose some companies are with critical information, I understand how this could happen.

We require a deposit slip or voided check and a signed form to direct any payroll funds

Hopefully, your employer makes this right with you and reports to the appropriate law enforcement agency.
I'm just holdin' the tail. You guys are the one's pumpin' the cat.

Rocketvapor

  • Board Supporter
  • SKS Guru
  • *****
  • Posts: 15076
  • awarded title of SIR ARSE
Re: Email Hacked, Employer Gave my Paycheck to Strangers
« Reply #9 on: April 03, 2022, 10:00:10 AM »
A check can be printed at home. 
There is no requirement that a check, or deposit slip have super special security features.
You can buy, or print you own.
Hopefully the unsigned form isn't available on-line and signatures are compared to archived examples. 
 
JJ,
was the new account in YOUR name or did the company just send your pay to an account # ?
Did your HR rep receive a dozen URGENT requests from several employees? :)
Well I guess my new **** stirrin paddle don't work . I got a like . WTF 😈

Flo just received her EXPERT Mid range card from the NRA.

https://www.yahoo.com/news/famed-ex-uss-john-f-003916449.html

JimmyJamesKY

  • Board Supporter
  • SKS Guru
  • *****
  • Posts: 3842
  • Sign says long-haired freaky people may now apply.
Re: Email Hacked, Employer Gave my Paycheck to Strangers
« Reply #10 on: April 03, 2022, 11:42:27 AM »
They provided a picture of a voided check with my name and correct address on it.  I don't know if they started an account with my actual name or not, when you call "Meta Bank" it's an automated reply, almost tailored to this time of crime.  I don't think they would need to put the my name on the account, just the real (fake?) account and routing number they wanted it sent to, but my name on the faked check to convince payroll.

They were in my email for sure, because I found the correspondence in the recoverable files from the deleted folder.  There is a folder of deleted items, and from there it asked me if I wanted to restore 215 items that had been deleted from that folder.   Once I did that, there it was.

Yeah, it wasn't in that bad of English, but anyone one that reads my writing on a regular basis would know that doesn't sound like me.  My supervisor would have recognized the difference, but I don't send much email to HR or the office clerk.

I'm just hoping they don't have enough to get credit cards in my name.  I know when this happened, because I was locked out of my company email, and they had to send me a password reset. I/we just thought you had to reset your password periodically as a security feature.  None of us thought to look closer at it.  The same person that handles the cyber 'security'  :roll: also does payroll.  I'm sure she thought, "what a coincidence, he was locked out of his email right after he asked to change all of his payroll information to an online bank 10 states away.  Oh well, here you go."
Good friends will lend a hand, great friends will grab a leg....

mattb

  • Board Supporter
  • SKS Expert
  • *****
  • Posts: 292
    • http://theplaceofcoolness.com/
Re: Email Hacked, Employer Gave my Paycheck to Strangers
« Reply #11 on: April 04, 2022, 02:10:27 AM »
I work in IT and I see these sorts of shenanigans all the time.

What email service do you use? Log into the webmail interface and check two specific things: forwarding (it should be OFF), and any config area you have for "Rules". Attackers will often create a rule that forwards email to their own address, then deletes or archives it so you don't see people replying to the unauthorized
emails.

Changing all your logins *might* be overkill, but it sure doesn't hurt. Glad you're on top of that. Email, unfortunately, is the keys to the kingdom nowadays (as it pretty much always has been).

If you have any particularly sensitive online logins (like bank accounts), see if they support multi-factor authentication. This is where a second step is required to log in, beyond just supplying a password. This often involves a text message, or app on your phone (still not foolproof, but much more secure than just a password). I do NOT recommend using MFA unless it's really needed, however. Overuse of MFA brings its own issues.

Antivirus software: don't waste your time. DEFINITELY don't waste your money. The sorts of attacks that get people anymore almost never take the form of a "traditional" virus (not that AV software is guaranteed to catch one of those anyway). If you're running Windows 8/10/11, it comes with built-in AV in the form of Windows Defender. This is all you should be running.

It's good that you were able to determine someone actually got in your email. They may have just brute-forced your password (I presume your email login was still working?), or perhaps you yourself fell for some sort of phishing attack. Sometimes it's obvious, sometimes not. I see some odd attacks lately. The other day, one of my customers received an email attachment  (a PDF document) from one of his business associates (who himself was probably duped by a phishing attack), which included a link to a website where you were invited to "view" the attachment contents by, you guessed it, plugging in your password.

Had a lot more I wanted to say, but I don't want to sound like a grumpy old elitist IT dude.

Matt

Rocketvapor

  • Board Supporter
  • SKS Guru
  • *****
  • Posts: 15076
  • awarded title of SIR ARSE
Re: Email Hacked, Employer Gave my Paycheck to Strangers
« Reply #12 on: April 04, 2022, 08:28:26 AM »
Guess I was wrong about it being a phishing email if they actually got into your company email and blocked you and 'deleted' history. 

I would look closely into what you do on that service.  It seems YOU where the ONLY one that got hit or were there others?
Why/How was your password compromised?

Check notification settings on small, less secure incoming sources (like small forums). 
I use a separate email service and browser for high value sites. 

Look into text notifications for bank transactions like deposits, withdrawals, etc., over a set limit. 
Direct deposits, balance falls below my 'cushion', wife hits the grocery check out, but not little charges. 



Well I guess my new **** stirrin paddle don't work . I got a like . WTF 😈

Flo just received her EXPERT Mid range card from the NRA.

https://www.yahoo.com/news/famed-ex-uss-john-f-003916449.html

JimmyJamesKY

  • Board Supporter
  • SKS Guru
  • *****
  • Posts: 3842
  • Sign says long-haired freaky people may now apply.
Re: Email Hacked, Employer Gave my Paycheck to Strangers
« Reply #13 on: April 04, 2022, 10:27:23 AM »
Quote
Why/How was your password compromised?

That is what I don't know. The payroll lady said they use machines to figure out the passwords, so maybe the "brute force" method Matt mentioned (thanks Matt).

The office may be able to use the routing number provided on the fake check to reverse the DD.  I thought about using the routing/account number the thieves provided to pay off my credit cards, but the payroll lady said when they get caught (yeah, right) I could be implicated.  I was just thing of using lemons to make lemonade by using the scammers bank account number to pay off my beach vacation.

I'm sure to get the money bank, the company screwed up by not verifying the info with me in person.  The payroll lady admitted to not even reading the message, just forwarding it on to HR when she read the title.  After I dug it out and sent it back, she said she would have known immediately that it wasn't me.  Since HR got it from payroll, they thought it had been verified I guess.  Still "thought so" isn't good enough in this day and age.

They seemed to think I'm okay as far as new lines of credit being taken out in my name, as all they got was a DD rerouted to their account, and not my SS, DOB etc (I hope).  She said they don't usually linger, and this has happened a couple of time before, but with our offices in other parts of Kentucky. They get the DD, transfer it to a preloaded debit, close down the account and move on to the next victim.

I went back to my "sign in:" history, and the few hours I was locked out of my company email before the password was reset, I logged in from Virginia, New York, and South Africa.  They must be using VPN, whatever that is.  I was computer savvy back when I got a Commodore 64 for Christmas, but I'm strictly a user nowadays.  Too much trouble to keep up with the ever changing meta verse.
Good friends will lend a hand, great friends will grab a leg....

Rocketvapor

  • Board Supporter
  • SKS Guru
  • *****
  • Posts: 15076
  • awarded title of SIR ARSE
Re: Email Hacked, Employer Gave my Paycheck to Strangers
« Reply #14 on: April 04, 2022, 10:39:23 AM »
She said they don't usually linger, and this has happened a couple of time before, but with our offices in other parts of Kentucky. They get the DD, transfer it to a preloaded debit, close down the account and move on to the next victim.

You have got to be kidding. 
More than one company location?



I would check to see if your payroll lady has cousins working at the other locations  :roll:



Thanks for posting this.  Raises everyone's awareness.  Once it's all settled let us know how it turns out. 
 






« Last Edit: April 04, 2022, 11:43:08 AM by Rocketvapor »
Well I guess my new **** stirrin paddle don't work . I got a like . WTF 😈

Flo just received her EXPERT Mid range card from the NRA.

https://www.yahoo.com/news/famed-ex-uss-john-f-003916449.html