Phishing scam targets direct payroll deposits, FBI says in alert

If your paycheck hits your bank account through direct deposit, be on the lookout for emails requesting personal information including log-in credentials -- they could be a phishing scam by hackers who want to access your bank account.

The FBI warning comes as cyber criminals target the online payroll accounts of employees in a variety of industries, especially those in education, healthcare and commercial aviation. 

What is phishing? It's a scam that involves targeting employees through phony emails designed to bait the reader -- hence the word "phishing" -- and capture their login credentials. The login credentials are used to access individual payroll accounts in order to change bank account information, according to the agency; the cyber thieves then block alerts to consumers warning of changes to their direct deposits, which are then redirected to another account, often a prepaid card controlled by scammers. 

Employees should hover their cursor over hyperlinks in any emails to view the URL to ensure it's actually related to the company it purports to be from, and any suspicious requests should be forwarded to company IT or HR departments, the FBI advised. 

Most importantly, do not supply login credentials or personally identifying information in response to any email, the agency said. 

The alert follows complaints to the FBI's Internet Crime Complaint Center, or IC3, the agency said in a public service announcement last week. 

The IC3 received more than 300,000 complaints in 2016 with reported losses of more than $1.4 billion, according to its annual 2017 Internet Crime Report. 

Share this article: