How Lisa had her paycheck stolen – Phishing Attack

Here is how Lisa had her paycheck stolen. Let's walk through the events leading up to it and how it actually happened!

Becky received an email from an employee named Lisa requesting that her paycheck be deposited into a different bank account.

Becky replied with an attached document labeled “ACH Bank Change Form”, used to change the bank account that the money would be transferred into this Friday for payroll.

Shortly after that, she received an email with a signed form to change to a different local bank account, asking whether payroll would run into the new account this coming week.

Becky informed Lisa that she would review and update her information. Becky did her usual checklist: looking at the bank, making sure everything was filled out properly, etc. Everything appeared to be just fine, so she updated the bank information in payroll and informed Lisa that she would receive her paycheck at the new bank come Friday.

“Great.” was the final response she received.

Payroll ran on Friday. Come Monday, Lisa emailed Becky asking why she hadn’t received a direct deposit.

Becky scrambled and realized that Lisa was not actually the person who had made the bank change request!


The bad actors involved in this scheme researched who the HR person was at this company and targeted them directly, using the name of another person at the company. They registered a domain that very closely resembled the real one in order to better spoof Lisa’s email address.
The bad actor involved also opened a bank account under a fake alias at a local bank that had a lax policy for creating accounts.

They re-created the same signature and email address when they messaged Becky from HR, and boom!

The moral of this story is that bad actors have all the time in the world to think of ways to scam legitimate companies and organizations. Be vigilant, pay attention, triple-check email addresses and rotate your passwords on the regular!