The FBI warns that cyber criminals are posing as HR employees and using a phishing scam to get employees to provide the scammer with access to the company’s self-service payroll platform.
When employees click on the link within the scammer’s email and provide the requested information, they unknowingly provide the scammer with their W-2 and pay stub information. The scammer can then change direct deposit instructions, passwords, credentials and email addresses linked to the account to avoid detection. In the majority of cases, employers were not aware of anything until workers reported they weren’t receiving their wages.
To learn how you can prevent this from happening at your organization, please view the FBI’s suggestions and download this Cyber Security Training and Best Practice Overview.