Email ACH fraud

TheDude
Basic Member
Posts: 7

Hello,

We've been experiencing a wave of ACH fraud via email lately. Our employees receive a fraudulent email, accidentally click on the link (even after being instructed to not do so), the hacker somehow obtains their login info and makes ACH changes via ESS. We're currently still on Ver9 and I've confirmed with Infor there is no additional audit trail aside from PR212 or querying data from EMACHDEPST. Ideally, if the employee would simply not acknowledge the fraudulent email, we wouldn't be experiencing this issue. It's very difficult trying to determine a pattern of some sort within the data, aside from specific referenced banks in these scenarios. We're looking into implementing a possible additional layer of security with extra authentication of some sort. I'm just curious if anyone has experienced ESS fraud similar to this or has any possible suggestions? Thanks for any input.

Margie Gyurisin
Veteran Member
Posts: 538
Do you prenote new accounts? Does the employee receive an email when DD is changed? Does Payroll? Daily audits. Those are my ideas.
TheDude
Basic Member
Posts: 7
Hi Margie, yup, that's correct, we do prenote new accounts, and the employee hasn't been receiving the email confirmation, which I'm assuming is tied to the fraud. As of right now we just do daily audits of EMACHDEPST to look for anything suspicious. Thanks for the input.
JimY
Veteran Member
Posts: 510
We experienced the same issue over a month ago. An employee clicked on the link, which took them to a page that looked just like the Infor login page. They logged in and that is how the hacker got the credentials. The hacker then went and changed the bank R/T and Account and her check was deposited in the hacker's account. We are in the process of implementing Two Factor Authentication, but have not worked out all of the issues. We are on version 10.0.9 environment and 10.0.7 application. The Two Factor Authentication works when they log into Employee Space, but the hacker can get the URL directly to the page and log in that way without going through Two Factor. Trying to figure out how to resolve that. Good luck.
Alex Tsekhansky
Veteran Member
Posts: 92
Some of our clients (cannot disclose the names for obvious reasons) had this issue as well. Some attacks were quite elaborate, including setting up a fake site that had some of the Lawson-like pages. Most of the elaborate attacks originated outside the US. So, geolocation (rejecting certain types of traffic originating outside the US), curtailing outside (non-VPN) access to some of the Lawson functions and implementing two-factor authentication would be the ways to control this issue. Two-factor authentication probably would be the most efficient way, though implementing it in an organization with, say, 20,000+ people would take time. Also make sure that two-factor authentication is implemented directly in the Lawson environment to avoid the situation described by Jim above. There are discussions about it on this forum. The easiest ways include custom LDAP BIND, or a built-in feature of ADFS.
TheDude
Basic Member
Posts: 7
Thanks for all the feedback, it's very appreciated.
Bob Canham
Veteran Member
Posts: 217
We got hit with something similar a few years back. We pulled the ability to do online ACH changes completely and went back to a paper method. We have two-factor authentication in place now, but haven't discussed returning this ability to users.
Paul Mockenhaupt
New Member
Posts: 1
Hello, There is a product available called PerimeterMFA that makes these types of phishing attacks simply go away. It provides multi-factor authentication for your Infor system - both on-prem installs as well as inside Infor Cloud Suite. It installs in as little as 15 minutes, is completely self-contained, and requires zero modifications to your system or infrastructure. If anyone is interested in learning more, check out https://mockenhaupt.com or shoot me an email at paul@mockenhaupt.com. Thanks. -Paul
Todd Mitchell
Veteran Member
Posts: 87

We have avoided that issue by:

  • Creating reports of ACH changes that show what has changed and whether the same account is used for more than 1 employee
  • Employ 2 Factor Authentication
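
The kind of report described in the post above, built from two daily snapshots of direct-deposit data. This is an added example, not code from any poster or from Infor; the table names `dd_prev`/`dd_curr`, their columns and every sample row are constructed assumptions and do not reflect the actual EMACHDEPST layout.

```python
import sqlite3

# Constructed sample rows: (employee, routing, account). Hypothetical layout,
# not the real EMACHDEPST columns; all values are made up.
PREV = [(1001, "RT0001", "AC1001"), (1002, "RT0002", "AC1002"),
        (1003, "RT0003", "AC1003"), (1004, "RT0004", "AC1004")]
CURR = [(1001, "RT0001", "AC1001"),   # unchanged
        (1002, "RT0009", "AC9009"),   # changed since yesterday
        (1003, "RT0009", "AC9009"),   # changed to the same destination
        (1004, "RT0004", "AC1004"),   # unchanged
        (1005, "RT0005", "AC1005")]   # new enrollment

def load(prev_rows, curr_rows):
    """Load yesterday's and today's snapshots into an in-memory database."""
    db = sqlite3.connect(":memory:")
    for table, rows in (("dd_prev", prev_rows), ("dd_curr", curr_rows)):
        db.execute(f"CREATE TABLE {table} (employee INTEGER, routing TEXT, account TEXT)")
        db.executemany(f"INSERT INTO {table} VALUES (?, ?, ?)", rows)
    return db

def changed_deposits(db):
    """Employee/destination pairs present today that were not there yesterday."""
    return db.execute("""
        SELECT employee, routing, account FROM dd_curr
        EXCEPT
        SELECT employee, routing, account FROM dd_prev
        ORDER BY employee""").fetchall()

def shared_destinations(db):
    """Destinations that more than one employee currently deposits into."""
    return db.execute("""
        SELECT routing, account, COUNT(DISTINCT employee)
        FROM dd_curr GROUP BY routing, account
        HAVING COUNT(DISTINCT employee) > 1
        ORDER BY routing, account""").fetchall()

def review_queue(db):
    """Label each change; a new destination shared across employees ranks highest."""
    shared = {(r, a) for r, a, _ in shared_destinations(db)}
    return [(emp, "SHARED_DESTINATION" if (r, a) in shared else "CHANGED")
            for emp, r, a in changed_deposits(db)]

if __name__ == "__main__":
    for employee, flag in review_queue(load(PREV, CURR)):
        print(employee, flag)
```

Family members on the same payroll can legitimately share an account, so a `SHARED_DESTINATION` row is a prompt to confirm the change with the employee through a channel other than email.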

 

 

Joe O'Toole
Veteran Member
Posts: 314
We were thinking of writing a SQL process to identify changes but found that Infor delivers some canned ProcessFlows to send email notifications about critical changes in EMSS, including ACH changes. The steps to enable these are outlined in the EMSS user guide. Has anyone implemented these flows and, if so, were there any problems or customizations required? Thanks.
Margie Gyurisin
Veteran Member
Posts: 538
We use the flows. It is modified somewhat. Our payroll depts. and the employee are notified.
Todd Mitchell
Veteran Member
Posts: 87

Are these flows for Lawson Process Flow or for Infor Process Automation? I have never used one of Lawson's canned flows; where do I find those?