FBI Warns Employers About Phishing E-mails Targeting Payroll


HR / General 43 Views 0

Employers should be on the alert for e-mail phishing scams that target their online payroll accounts, the Federal Bureau of Investigation (FBI) warned recently.

Source: Abscent84 / iStock / Getty

Cybercriminals are using these e-mails to capture employees’ log-in credentials, the FBI explained in a September 18 public service announcement (I-091818-PSA). Once the cybercriminal obtains an employee’s credentials, they are used to access the employee’s payroll account and change the bank account information. Direct deposits are redirected to the perpetrator’s account (often a prepaid card) and the account settings are changed so the employee is not alerted to these changes.

Employers in a variety of industries have been affected by these schemes, especially education, healthcare, and aviation, according to the FBI. The bureau suggests the following steps to mitigate the threat of payroll diversion:

  • Alert and educate the workforce about such scams, including preventive strategies and appropriate reactive measures should a breach occur.
  • Instruct employees to hover their cursor over hyperlinks included in e-mails they receive to view the actual URL and make sure it actually relates to the company it purports to be from.
  • Instruct employees not to supply log-in credentials or personally identifying information in response to any e-mail.
  • Direct employees to forward suspicious requests
Read from Strategic HR – HR Daily Advisor