Cybercriminals are targeting employee payroll direct deposit accounts through phishing emails to change bank account information, according to an alert from the FBI.
The alert said the FBI’s Internet Crime Complaint Center (IC3) had received reports of emails designed to capture an employee’s login credentials, which are then used both to change direct deposit information so that funds are redirected to accounts controlled by the criminal and to keep the victim from being alerted to the account change.
Education, health care and commercial airway transportation were the most affected industries, according to the alert.
The FBI recommends employers and employees do the following:
- Let your workforce know about the payroll phishing scheme and provide preventative and reactive strategies.
- Employees should use their computer mouse to hover over any hyperlinks included in an email so they can see the actual URL and ensure it belongs to the company the email claims to be from.
- Employees should avoid providing login credentials or identifying information in response to any email.
- Employers should ask employees to forward suspicious email to information technology or human resources.
- Employees should ensure payroll credentials are different from login information used for other purposes.
- Employers should apply heightened scrutiny to employee changes or updates to direct deposit information or logins that occur outside normal business hours.
- Employers should restrict access to the internet on systems handling sensitive information or implement two-factor authentication.
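The last two employer-side recommendations can be turned into a review pass over payroll audit events. The script below is an added example, not part of the FBI alert: it flags direct-deposit or login changes made outside normal business hours, flags direct-deposit changes where the same session also altered the employee's notification settings (the pattern the alert describes as keeping the victim from being alerted), and, going slightly beyond the alert, flags a destination account that more than one employee has switched to. Business hours (08:00 to 18:00, Monday to Friday), the event schema and all sample events are constructed assumptions.

```python
"""Flag payroll direct-deposit changes that merit heightened scrutiny.

Added example, not from the FBI alert. The event schema, business-hours
window and every sample event below are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, time

# Assumed business-hours window; adjust to the organisation's own.
BUSINESS_START = time(8, 0)
BUSINESS_END = time(18, 0)


@dataclass
class PayrollEvent:
    timestamp: datetime
    employee: str
    session_id: str   # links actions performed in one logged-in session
    action: str       # "direct_deposit_change", "login_change", "notification_change"
    detail: str       # for deposit changes: the destination account reference


# Constructed sample audit events (hypothetical employees and sessions).
SAMPLE_EVENTS = [
    PayrollEvent(datetime(2024, 3, 4, 10, 15), "alice", "s1", "direct_deposit_change", "acct ending 1234"),
    PayrollEvent(datetime(2024, 3, 4, 23, 40), "bob",   "s2", "direct_deposit_change", "acct ending 9876"),
    PayrollEvent(datetime(2024, 3, 5, 14, 2),  "carol", "s3", "notification_change",   "alerts disabled"),
    PayrollEvent(datetime(2024, 3, 5, 14, 3),  "carol", "s3", "direct_deposit_change", "acct ending 5555"),
    PayrollEvent(datetime(2024, 3, 6, 13, 0),  "dave",  "s4", "login_change",          "password reset"),
    PayrollEvent(datetime(2024, 3, 7, 9, 30),  "eve",   "s5", "direct_deposit_change", "acct ending 7777"),
    PayrollEvent(datetime(2024, 3, 7, 11, 5),  "frank", "s6", "direct_deposit_change", "acct ending 7777"),
]

SENSITIVE_ACTIONS = {"direct_deposit_change", "login_change"}


def outside_business_hours(ts: datetime) -> bool:
    """True on weekends or outside the assumed weekday window."""
    if ts.weekday() >= 5:  # Saturday or Sunday
        return True
    return not (BUSINESS_START <= ts.time() < BUSINESS_END)


def review_payroll_events(events):
    """Return {employee: [reasons]} for changes that warrant human review."""
    # Group actions by session so a notification change can be tied to a
    # deposit change made by the same login.
    by_session = {}
    for ev in events:
        by_session.setdefault(ev.session_id, []).append(ev)

    # Count how many distinct employees now point at each destination account.
    dest_owners = {}
    for ev in events:
        if ev.action == "direct_deposit_change":
            dest_owners.setdefault(ev.detail, set()).add(ev.employee)

    findings = {}
    for ev in events:
        reasons = []
        if ev.action in SENSITIVE_ACTIONS and outside_business_hours(ev.timestamp):
            reasons.append("outside business hours")
        if ev.action == "direct_deposit_change":
            same_session = by_session[ev.session_id]
            if any(o.action == "notification_change" for o in same_session):
                reasons.append("notification settings changed in same session")
            if len(dest_owners[ev.detail]) > 1:
                reasons.append("destination account shared with another employee")
        if reasons:
            findings.setdefault(ev.employee, []).extend(reasons)
    return findings


if __name__ == "__main__":
    for employee, reasons in review_payroll_events(SAMPLE_EVENTS).items():
        print(f"{employee}: {', '.join(reasons)}")
```

Each finding is a prompt for out-of-band confirmation with the employee (for example by phone or in person), not an automatic block; the point is that a change made at 23:40, or one preceded by alerts being switched off, should not be processed in the next payroll run without someone looking at it.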
The FBI encourages victims to report information concerning suspicious or criminal activity to their local FBI field office and to file a complaint with the IC3. If your complaint pertains to this particular scheme, note payroll diversion in the body of the complaint.