A new wire fraud scam is targeting employees at KVC Health Systems, a midsize nonprofit agency for child welfare based in Olathe, Kan., according to CNBC.
The behavioral health system said around two or three times a month, employees receive phishing emails from hackers to reroute their paychecks by direct deposit.
"They might just say, 'I need to update my direct deposit information,'" Eric Nyberg, director of information technology at KVC, told CNBC. "Or they start with, 'Hey, do you have a second?' and if that target person responds, then they go from there."
The emails are often well written, cordial and lack the misspellings, grammar mistakes and punctuation abnormalities that often alert employees to phishing attacks, Mr. Nyberg said.
This wire fraud scheme is trying to connive human resource personnel to change an employee's bank account and routing information, so the paychecks get directly deposited to the hacker's desired account. When the money gets rerouted to the hackers, the organization is required to replace the stolen funds.
KVC has had a few misses, but has not transferred any paychecks to scammers, according to Mr. Nyberg.
While these scammers don't often get away with stealing tens of thousands of dollars, the threat is real. To combat the fraud scheme, Mr. Nyberg said KVS is focused on training employees on a simple truth:
"The CEO is never going to email you out of the blue and ask you for any deposit changes. And if you have any sliver of a doubt, call the person who is making the request," he told CNBC.
Natural language processing is also being developed to flag the phishing emails before they hit an employee's inbox.