FBI: Hackers target HR, payroll in phishing scam

Cybercriminals posing as HR personnel are directing users to a fake employee portal

FBI: Hackers target HR, payroll in phishing scam

Cybercriminals posing as HR staff have set their sights on a new target: online payroll accounts, the US Federal Bureau of Investigation (FBI) warned.

Hackers are attempting to dupe unsuspecting employees into giving up their payroll information, such as their bank account number and passcode, through a phishing scam, authorities from the FBI’s Internet Crime Complaint Center (IC3) said.

The phishing scam starts off as an email from HR personnel asking the account owner to update or verify their direct deposit credentials.

The fake message prompts the account owner to click on a link to a dummy website – presumably a mock-up of a company’s employee portal – where the account owner will be forced to enter their username and password.

“Once the cybercriminal has obtained an employee’s credentials, the credentials are used to access the employee’s payroll account in order to change their bank account information,” the FBI said.

Cybercriminals take the extra step of locking out employees from their own account.

“Rules are added by the cybercriminal to the employee’s account preventing the employee from receiving alerts regarding direct deposit changes,” investigators said. “Direct deposits are then changed and redirected to an account controlled by the cybercriminal, which is often a prepaid card.”

The FBI is urging HR personnel to alert their workforce to the phishing scam. Employees should also refrain from supplying account details in response to email prompts, and should set up two-factor authentication on their account.

Authorities said employees from the education, health care, and transport sectors have been affected.

 

Recent articles & video

Teacher censured for accessing porn on school-issued laptop

Carpool woes: Worker claims additional pay for driving colleagues to work

'Tougher market' ahead for jobseekers as NZ enters recession

Talent mobility: What’s the most challenging country for remote workers?

Most Read Articles

Employer assigns manager to smaller area – is it constructive dismissal?

Fired over colleagues' opinion?

Employer fined $20,000 for not complying with enforcement order: reports