FBI warns of phishing scam targeting direct payroll deposits
In a recent alert, the Federal Bureau of Investigation (FBI) is warning employers that hackers appear to be targeting the online payroll accounts of employees in a variety of industries. The attacks are being carried out through phishing emails sent to employees, asking employees to divulge their direct deposit login credentials. Believing the emails to be legitimate, some employees are providing this sensitive information. Armed with user names and passwords, hackers access the employee’s payroll account to change his or her bank account information. As a result, the employee’s paycheck is rerouted to an account controlled by the hacker.
Employers should educate workers regarding this trend and should provide them with strategies to combat these schemes. For example, employers can:
- Instruct employees to hover their cursor over hyperlinks included in emails they receive to view the actual URL. Ensure the URL is actually related to or associated with the company it purports to be from.
- Instruct employees to refrain from supplying login credentials or personally identifying information in response to any email.
- Direct employees to forward suspicious requests for personal information to the information technology or human resources department.
- Ensure that login credentials used for payroll purposes differ from those used for other purposes, such as employee surveys.
In addition, employers can take the following steps:
- Apply heightened scrutiny to bank information initiated by employees seeking to update or change direct deposit credentials.
- Monitor employee logins that occur outside normal business hours.
- Restrict access to the Internet on systems handling sensitive information or implement two-factor authentication for access to sensitive systems and information.
- Only allow required processes to run on systems handling sensitive information.
If you have additional questions about this disturbing trend, consult with experienced human resources professionals and/or labor and employment counsel. For MEA members, the Hotline and a Member Legal Services attorney are available to provide this assistance.
Amy G. McAndrew, Esquire
Director of Member Legal Services
MidAtlantic Employers’ Association
800-662-6238
*This Alert is provided for general informational purposes only and does not constitute legal advice.