Scam Alert!

CYBERCRIMINALS UTILIZE SOCIAL ENGINEERING TECHNIQUES TO OBTAIN EMPLOYEE CREDENTIALS TO CONDUCT PAYROLL DIVERSION

The FBI’s Internet Crime Complaint Center has issued a new warning about fraudsters who are targeting your paycheck via direct deposit. Any worker can be affected by this scam, but the industries getting hit the hardest include education, health care, and commercial airway transportation.

Here’s what happens: the bad guy uses your work login info to get into your employer’s HR system to replace your direct deposit information with his own.

It starts when an employee receives an email that looks just familiar enough that he doesn’t question it too much. The email includes a link or web address that the user clicks on. Once he clicks, he will be directed to a fraudulent site or portal where the victim will be asked to enter his work credentials to confirm his identity. The bad guys use that login ID and password to change the employee’s direct deposit information in the company’s files. Often, the fraudsters even change other account settings in the system, preventing the victim from receiving an email warning that changes have been made to his account.

Here’s how employees can avoid being scammed:
Make sure you verify with your employer that a suspicious email is valid. Send it to your office’s HR or IT departments for confirmation.  Keep an eye out for any misspelled words, odd phrasing, and poor grammar. These could be indications that the email is coming from elsewhere in the world. If the email includes any links to web pages, hover your mouse over the link and confirm that the URL is exactly the same as that used by the payroll company. Don’t click if you are not 100% sure.