In our Phishmas series, we've written a lot about Direct Deposit scams. These are common scams, and we've seen more of them over the course of the holidays. We believe that this influx is due to the fact that people spend a lot of money around the holidays. This scam has double-cruelty to it. Not only does it steal money, but it steals it around the holidays, when people need it most. Talk about the ultimate grinch. Here's the latest example we have:
These scams are not super sophisticated. What makes them tricky, however, is the lack of malicious link or attachment. Security scanners often look for those items, since if it's malicious, it's an easy block.
When it's just text, it becomes a bit harder. It's not entirely out of the ordinary for an employee to change their bank account information. People change banks; sometimes they want their money deposited into multiple accounts. This email in and of itself is not malicious.
The text, however, is where the danger lies. A good email security solution would see that the sender address doesn't match the company address and block it accordingly.