Dangerous Phishing Scam Targeting Employees’ Direct Payroll Deposits

Written by: Anthony E. Stewart, Esq.

The Federal Bureau of Investigation (FBI) has issued a warning about a phishing scam that targets employees who receive their paychecks by direct deposit. Cybercriminals are going after the online payroll accounts of employees around the country in a variety of industries, especially education, healthcare, and commercial aviation.

Here’s how it works:

To initiate the scam, a cybercriminal sends your employees an email that appears to come from your organization or from your payroll vendor and asks the employee to provide his or her login credentials. This is usually done by including a link in the email that appears to lead to your organization's website but instead leads to a form that asks the employee to submit his or her login credentials or other sensitive information. This website often looks very similar (if not identical) to your organization's actual website; however, it is a fake, and the information your employee provides goes straight to the cybercriminal.

Once the cybercriminal has obtained an employee's credentials, the cybercriminal uses them to log in to the employee's payroll account and change the employee's bank account information to an account the cybercriminal controls, which is often a prepaid card.

How to protect your employees from these attacks:

This scam continues to evolve and can fool even the most cautious employee. However, there are steps you and your organization can take to reduce the likelihood of you or your employees becoming the next victim:

Step 1: Educate your employees

Knowledge is power. Share articles like this one with your employees. Let your employees know that this is an active threat and that your employees are a target. Provide training sessions throughout the year to ensure your employees are kept up to date with the latest cyber scams. Remind employees to verify hyperlinks contained in emails before clicking on them and to forward suspicious emails to the information technology department.

Step 2: Implement appropriate policies

Implement a policy that your organization will not send emails that ask an employee to provide his or her log-in credentials or other personal information. Then, tell your employees about this policy and instruct them not to supply log-in credentials or personally identifying information in response to an email. Instruct your human resources and payroll departments to apply heightened scrutiny to any employee request to update or change direct deposit bank information.

Step 3: Review and enable security controls

If your human resource information system offers two-factor authentication, enable it. Ensure that logging is enabled, and monitor employee logins that occur outside of regular business hours or from IP addresses outside of your organization.
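The monitoring described in Step 3 can be scripted against the payroll system's audit log. The following is an added example (not code from the original article or from any particular payroll product) that flags logins occurring after hours or from outside the organization's address space, and then flags a direct deposit change that follows such a login for the same employee within a short window; the log format, the organization's network range, the business hours, and the sample log lines are all constructed assumptions.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample audit log (not real data). Assumed format:
# <ISO timestamp> <username> <event> <source IP>
SAMPLE_LOG = """\
2019-03-04T09:12:00 jdoe LOGIN 10.20.30.41
2019-03-04T23:47:10 jdoe LOGIN 203.0.113.55
2019-03-04T23:49:31 jdoe DIRECT_DEPOSIT_CHANGE 203.0.113.55
2019-03-05T10:05:12 asmith LOGIN 10.20.30.77
2019-03-05T10:06:00 asmith DIRECT_DEPOSIT_CHANGE 10.20.30.77
"""

# Assumed organization address space and business hours (placeholders).
ORG_NETWORKS = [ip_network("10.20.30.0/24")]
BUSINESS_HOURS = range(8, 18)  # 08:00 to 17:59 local time, Monday to Friday


def parse_log(text):
    """Turn the raw log text into a list of event dictionaries."""
    events = []
    for line in text.splitlines():
        ts, user, event, ip = line.split()
        events.append({"ts": datetime.fromisoformat(ts), "user": user,
                       "event": event, "ip": ip_address(ip)})
    return events


def is_external(ip):
    """True when the source IP is not inside any organization network."""
    return not any(ip in net for net in ORG_NETWORKS)


def is_after_hours(ts):
    """True on weekends or outside the assumed business hours."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS


def flag_logins(events):
    """Logins that are after hours or from an external address (Step 3)."""
    return [e for e in events if e["event"] == "LOGIN"
            and (is_external(e["ip"]) or is_after_hours(e["ts"]))]


def flag_risky_deposit_changes(events, window_minutes=60):
    """Direct deposit changes preceded by a flagged login for the same user."""
    flagged = flag_logins(events)
    risky = []
    for e in events:
        if e["event"] != "DIRECT_DEPOSIT_CHANGE":
            continue
        for login in flagged:
            delta = (e["ts"] - login["ts"]).total_seconds()
            if login["user"] == e["user"] and 0 <= delta <= window_minutes * 60:
                risky.append(e)
                break
    return risky
```

Run against the constructed log, only the jdoe change made two minutes after a late-night login from 203.0.113.55 is flagged; the asmith change made during business hours from an internal address is not.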

What to do if one of your employees has received a phishing scam email:

The FBI encourages victims to report information concerning suspicious or criminal activity to their local FBI field office and to file a complaint with the Internet Crime Complaint Center. The FBI requests that you note "payroll diversion" in the body of the complaint.