- Refrain from responding to messages, opening attachments, and clicking links from unknown senders, and exercise caution with emails from known senders.
- If correspondence contains changes to bank information or is otherwise urgent or suspicious, contact the sender via a separate means of communication—by phone using contact info obtained from official sources or in person—before taking action.
- Implement security controls that help prevent account compromise, including establishing strong passwords and enabling multi-factor authentication (MFA) where available, choosing authentication apps or hardware tokens over SMS text-based codes.
- Organizations are advised to implement strict verification processes and procedures to prevent unauthorized direct deposit changes, such as requiring direct deposit forms accompanied by a voided check or bank encoding form, verbal or in-person agreement from the requesting employee, and multiple approvals for the change request.
- Organizations are advised to educate their helpdesk and IT personnel on the tactics used by cyber threat actors to gain unauthorized access to accounts. Review and secure email and payroll systems for vulnerabilities and keep them up to date.
- If funds are unintentionally wired to a fraudulent account, immediately notify a supervisor, banking institution, the FBI, and the US Secret Service so that attempts can be made to stop the wire transfer. Unless the fraudulent transaction is discovered quickly (typically within 48 hours), it can be difficult, if not impossible, to return the stolen funds.
- If personally identifiable information (PII) has been compromised, review the Identity Theft and Compromised PII NJCCIC product for additional recommendations and resources, including credit freezes and enabling MFA on accounts.
