In our first example of Phishmas scams, we'll talk about Direct Deposit fraud.

In order to buy presents, you need money. In that vein, we're seeing an influx of phishing campaigns surrounding Direct Deposit. The general idea is that a scammer will pose as an employee asking HR or a manager to change their direct deposit information.


In this email, a scammer is impersonating an employee. However, the sender address is a Gmail account. The person asks to change their direct deposit information. Of course, if the change is made, payments will go to the scammer, not the employee.

And if that's the case, it will make for a bleak holiday for the company and employees alike.

 Sign up for our Attack Briefs to see all Phishmas attacks--and every other piece of threat intelligence we receive.