The Federal Bureau of Investigation’s Internet Crime Complaint Center has received reports of cybercriminals targeting online payroll accounts, mostly impacting education, healthcare and commercial airway transportation employees.
Cybercriminals create phishing emails that seek to capture employees’ login credentials, IC3 reported in a Sept. 18 press release. Once they have those credentials, the cybercriminals change bank account information and change email alerts so employees aren’t notified of any changes. Direct deposits are redirected to accounts controlled by the cybercriminals, and that money is used to purchase prepaid cards.
IC3 recommends the following to help employees combat this fraud.
“Alert and educate your workforce about this scheme, including preventative strategies and appropriate reactive measures should a breach occur.
“Instruct employees to hover their cursor over hyperlinks included in emails they receive to view the actual URL. Ensure the URL is actually related to or associated with the company it purports to be from.
“Instruct employees to refrain from supplying log-in credentials or personally identifying information in response to any email.
“Direct employees to forward suspicious requests for personal information to the information technology or human resources department.
“Ensure that log-in credentials used for payroll purposes differ from those used for other purposes, such as employee surveys.
“Apply heightened scrutiny to bank information initiated by employees seeking to update or change direct deposit credentials.
“Monitor employee logins that occur outside normal business hours.
“Restrict access to the Internet on systems handling sensitive information or implement two-factor authentication for access to sensitive systems and information.
“Only allow required processes to run on systems handling sensitive information.”
Those who believe they are victims of this phishing scam are asked to contact their local FBI field office, or file a complaint with IC3 at ic3.gov.
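For payroll administrators, the monitoring recommendations above can be combined into a single review rule. The following is an added example, not part of the IC3 release: it flags direct deposit changes that coincide with an off-hours login or a change to alert settings. The log layout, action names, business hours and one-hour window are all assumptions, and the events are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample audit events (timestamp, user, action). The layout and
# action names are assumptions, not any real payroll product's log format.
EVENTS = [
    ("2018-09-17 10:05", "asmith", "login"),
    ("2018-09-17 10:07", "asmith", "change_bank_account"),
    ("2018-09-18 02:41", "bjones", "login"),
    ("2018-09-18 02:43", "bjones", "change_alert_settings"),
    ("2018-09-18 02:44", "bjones", "change_bank_account"),
    ("2018-09-18 23:30", "cdoe", "login"),
]

BUSINESS_HOURS = range(7, 19)   # 07:00-18:59 local time (assumed policy)
WINDOW = timedelta(hours=1)     # events this close to a bank change are correlated


def parse(events):
    """Convert timestamp strings to datetimes and sort chronologically."""
    return sorted((datetime.strptime(ts, "%Y-%m-%d %H:%M"), user, action)
                  for ts, user, action in events)


def off_hours(ts):
    """True on weekends or outside the assumed business hours."""
    return ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS


def review_queue(events):
    """Return {user: [reasons]} for bank changes that need manual verification."""
    parsed = parse(events)
    findings = {}
    for ts, user, action in parsed:
        if action != "change_bank_account":
            continue
        # Same user's activity within WINDOW on either side of the bank change.
        nearby = [(t, a) for t, u, a in parsed
                  if u == user and abs(t - ts) <= WINDOW]
        reasons = []
        if any(a == "login" and off_hours(t) for t, a in nearby):
            reasons.append("login outside business hours")
        if any(a == "change_alert_settings" for _, a in nearby):
            reasons.append("alert settings changed near bank update")
        if reasons:
            findings.setdefault(user, []).extend(reasons)
    return findings


if __name__ == "__main__":
    for user, reasons in review_queue(EVENTS).items():
        print(user, "->", "; ".join(reasons))
```

A flagged change is a prompt to confirm the new account with the employee through a channel other than email before the next payroll run.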