Press "Enter" to skip to content

Posts published in “Security”

Direct Deposit Fraud Running Rampant

0

I wrote an article over 3½ years ago about direct deposit fraud, first published in the FBI annual Internet Crime Complaint Center (IC3) report for 2018, when about 100 complaints were reported.  Today, years later, we are finding it occurring on too-regular of a basis, and I would not be surprised if there were 100 complaints a day.  How it occurs is the fraudster diverts an employee’s paycheck to their “bank account,”  which they will then clear out as soon as the funds hit on pay day.  The two questions you may be asking are ‘how do they change the…

Payroll (Direct Deposit) Diversion Fraud is on the Rise

0

Late last year, the Internet Crime Complaint Center (IC3), a division of the FBI released a public service announcement I-091818-PSA https://www.ic3.gov/media/2018/180918.aspx regarding the practice of payroll diversion by cyber-criminals. This announcement identified employees whose online self-service portal credentials were compromised, typically through a phishing attempt, and the criminal would change the direct deposit bank account of the employee to a loadable debit card in their possession. Unfortunately, once funds are sent to a debit card, the criminal can withdraw them without a trace. I am expanding that announcement to include another case of payroll diversion that we have seen. While…

Biometric Timeclock Considerations

0

A biometric recognition timeclock is a great way to assure that the employee who is ‘on the clock’ is actually the one on-site and performing work, as it utilizes a part of the person’s body as their verification.  In mainstream practice, I find two main types of biometric clocks; hand recognition and fingerprint recognition.  In this article, I will discuss a few pros and cons, and how reliable they are in making a positive id. First up is hand recognition.  The device is the HandPunch clock which reads the unique geometry of each person’s hand.  Contrary to popular belief, it…

PayMaster HCM & Security

0

This has been an interesting week in the world of information security. On Tuesday, Brian Krebs blog site, KrebsOnSecurity, posted an article detailing how a number of self service accounts were hijacked from ADP.  In short, due to a weak registration process and a far too lackadaisical approach to stale accounts (i.e., accounts that were never activated by employees) on ADP’s part, as well as the inadvertent posting of sensitive registration codes on the part of a number of clients including a large commercial bank, U.S. Bancorp, victimizers were able make self service accounts for a considerable number of dormant accounts.  In turn, the intruders used…