Earlier this week, in our Phishmas series, we discussed the influx we're seeing in Direct Deposit scams. Essentially, a hacker impersonates an employee and asks HR to change their direct deposit information. When pay day hits, the payment goes to the hacker's bank account, not the employees.

Though this happens all the time, the fact that we're seeing an influx around the holiday is an interesting trend. It means that hackers are actively targeting people when they are likely to spend their money the most. Here's the latest example:

You'll notice that the email comes from a "proton.me" address, and not the company's address. That's a tell-tale sign that something is amiss. 

In this case, the formula remains the same. Ask for HR to change direct deposit details. Money gets diverted elsewhere.