Someone attempted to change my direct deposit info at work – action required?
So this morning our HR person came up to me and handed me a form to fill out, I asked what it was for. She just kinda of looked at me confused.
HR: “It’s to update your direct deposit info”
Me: “Why do I need to do that?”
HR: “Because…you told me you wanted to…”
Me: “I definitely didn’t make that request”
HR: “Well then you must have been hacked!”
She brings me to her computer and shows me an email from “me” that essentially went:
“Hi HR Person’s Name,
I need you to help me change my DD information due to a pending issues I have with my current bank. Please find the new bank information attached.
Regards My Name”
The email was from “me” in that my name was in the sender field but the address was not me, it was “email@example.com”. There were also no attachments with the email (must have been stripped out by our email filters/security). I pointed this out to the HR director to show it wasn’t from me, as well as a reminder to always check the actual sender address, not just the name it shows (I work in IT here so this situation/training comes up occasionally).
No harm came of this, as at our work, HR needs to have the employee fill out a paper form with their new banking info, so obviously my direct deposit information hasn’t been changed.
As for how this happened, I have a rough idea. I work for local government, and though my contact info isn’t posted publicly on our website, it has been before in certain articles or info that has been publicly accessible in the past. The HR person does have their info on our website, as they are responsible for other matters besides HR that requires their contact info be public. So technically someone could have a list of potential employees here and just be going through and spoofing emails from them to HR. I told HR this and advised them to watch for similar emails coming from “other employees”.
All of my passwords are unique and randomly generated through a password manager app. As a precaution I did change my personal email, work email, and banking passwords, as well as enable two-factor authentication where it was offered on those services. Do you think any further action is required on my part? I don’t believe it’s necessary to cancel and cards, close accounts, or freeze credit, but just wanted to check and see what you guys think.