The FBI issued a public service announcement (PSA) encouraging employers to remind employees not to respond to phishing emails from cybercriminals who want access to employees’ payroll information [FBI, Alert No. I-091818-PSA, 9-18-18].

How the Scam Works

The FBI said that cybercriminals are targeting employees through phishing emails designed to capture an employee’s login credentials to his or her employer’s self-service application. Once they obtain the login credentials, cybercriminals can change the bank account information to which the employee’s paycheck is deposited. The cybercriminals also change the alert settings so employees are not informed of the direct deposit changes.

How Employers Can Help

The FBI recommends employers:

  • Alert and educate employees about this scheme, including creating preventative strategies and appropriate reactive measures should a breach occur.
  • Instruct employees to hover their cursor over hyperlinks included in emails they receive to view the actual URL.
  • Instruct employees to refrain from supplying login credentials or personally identifying information in response to any email.
  • Ensure that login credentials used for payroll purposes differ from those used for other purposes, such as employee surveys.
  • Apply heightened scrutiny to bank information initiated by employees seeking to update or change direct deposit credentials.
  • Restrict access to the internet on systems handling sensitive information or implement two-factor authentication for access to sensitive systems and information.

How to Report Suspicious Activity

The FBI encourages victims to report suspicious or criminal activity to their local FBI field office, and file a complaint with the Internet Crime Complaint Center (note “payroll diversion” in the body of the complaint).

Share our article