FBI: Hackers target HR, payroll in phishing scam

Cybercriminals posing as HR personnel are directing users to a fake employee portal

FBI: Hackers target HR, payroll in phishing scam

Cybercriminals posing as HR staff have set their sights on a new target: online payroll accounts, the US Federal Bureau of Investigation (FBI) warned.

Hackers are attempting to dupe unsuspecting employees into giving up their payroll information, such as their bank account number and passcode, through a phishing scam, authorities from the FBI’s Internet Crime Complaint Center (IC3) said.

The phishing scam starts off as an email from HR personnel asking the account owner to update or verify their direct deposit credentials.

The fake message prompts the account owner to click on a link to a dummy website – presumably a mock-up of a company’s employee portal – where the account owner will be forced to enter their username and password.

“Once the cybercriminal has obtained an employee’s credentials, the credentials are used to access the employee’s payroll account in order to change their bank account information,” the FBI said.

Cybercriminals take the extra step of locking out employees from their own account.

“Rules are added by the cybercriminal to the employee’s account preventing the employee from receiving alerts regarding direct deposit changes,” investigators said. “Direct deposits are then changed and redirected to an account controlled by the cybercriminal, which is often a prepaid card.”

The FBI is urging HR personnel to alert their workforce to the phishing scam. Employees should also refrain from supplying account details in response to email prompts, and should set up two-factor authentication on their account.

Authorities said employees from the education, health care, and transport sectors have been affected.

 

Recent articles & video

'We're making a difference' – 3M's HR leader on being at the table

20,000 frontline health workers to get pay rise

Will 2023 be the year of the layoff?

'Disturbing': 1 in 4 recruiters unlikely to accept Jewish applicants

Most Read Articles

Parental leave boosters are trending among employers

Govt urged to 'get immigration moving faster' amid shortages

Are you using your recruitment software to its fullest potential?