The FBI is warning that cybercriminals are sending phishing emails designed to capture employee login credentials. After obtaining credentials, criminals access employee payroll accounts and redirect paychecks to prepaid cards.
The criminals also add rules to hacked accounts preventing employees from receiving alerts regarding the changes. Note that cybercriminals are not hacking payroll software in this case. Instead, they are using "social engineering," tricking people into giving up login information.
How to Protect Employees from Payroll Scams:
- Warn them about this particular scam.
- Instruct them to hover their cursor over hyperlinks in emails to ensure the URL is actually what it purports to be.
- Instruct them never to give log-in credentials or personal information in response to emails, ever.
- Ask them to forward suspicious emails to the information technology or HR department.
- Ensure that log-in credentials for payroll are unique.
- Scrutinize any changes made to employee bank information or direct deposit. The default should be to talk to them and confirm the changes.
How to Report this Scam:
Report it to your local FBI field office and file a complaint with the IC3 at www.ic3.gov. Note payroll diversion in the body of the complaint.
You can read the FBI's original report on this issue here.