The FBI issued an alert on phishing scams involving Payroll Diversion Fraud. Using social engineering techniques, criminals choose their targets precisely and build fake emails to steal employees' login credentials.
The fraudsters then use the stolen credentials to access the employee’s payroll account and change the bank account information. In general, direct deposits are redirected to a prepaid card, which is controlled by the criminal.
But the fraud doesn't stop there. To make it even more successful, fraudsters add rules so that employees don’t receive any kind of warning about changes made to their accounts and payment methods.
How to avoid payroll scams and block phishing
Take a look at these FBI recommendations to avoid payroll scams. They aren't limited to payroll scams; these recommendations work for other types of phishing fraud as well.
• Alert and educate your work team about scams.
• Instruct employees to recognize URLs included in emails.
• Instruct employees not to provide sensitive and personal information, such as login credentials, by email.
• Instruct employees to alert the information technology or human resources department in case of a dubious and suspicious message.
• Ensure employees have different credentials for different purposes.
• Monitor logins, paying particular attention to those that happen outside normal working hours.
• Boost your system protection.
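
One way to act on the login-monitoring recommendation, shown as an added example that is not part of the FBI alert or the original article: it flags logins outside working hours and raises the severity when the same account then changes its direct-deposit details or its notification rules, the sequence described above. The event format, field names, working hours (08:00 to 18:00, Monday to Friday) and 24-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events; the field names and event types are assumptions,
# not the export format of any real payroll product.
EVENTS = [
    {"ts": "2024-03-04T09:12:00", "user": "alice", "type": "login"},
    {"ts": "2024-03-04T09:20:00", "user": "alice", "type": "deposit_account_changed"},
    {"ts": "2024-03-05T02:41:00", "user": "bob", "type": "login"},
    {"ts": "2024-03-05T02:44:00", "user": "bob", "type": "deposit_account_changed"},
    {"ts": "2024-03-05T02:46:00", "user": "bob", "type": "notification_rule_changed"},
    {"ts": "2024-03-09T14:00:00", "user": "carol", "type": "login"},  # a Saturday
]

WORK_START, WORK_END = 8, 18      # assumed working hours, local time
WINDOW = timedelta(hours=24)      # assumed correlation window after a login
SENSITIVE = {"deposit_account_changed", "notification_rule_changed"}


def off_hours(ts):
    """True for weekends and for times outside WORK_START..WORK_END."""
    return ts.weekday() >= 5 or not (WORK_START <= ts.hour < WORK_END)


def review(events):
    """Return one finding per off-hours login, graded by what followed it."""
    parsed = sorted(
        ({**e, "ts": datetime.fromisoformat(e["ts"])} for e in events),
        key=lambda e: e["ts"],
    )
    findings = []
    for login in (e for e in parsed if e["type"] == "login" and off_hours(e["ts"])):
        followups = {
            e["type"] for e in parsed
            if e["user"] == login["user"] and e["type"] in SENSITIVE
            and login["ts"] <= e["ts"] <= login["ts"] + WINDOW
        }
        if followups == SENSITIVE:
            severity = "high"     # deposit change plus alert suppression
        elif followups:
            severity = "medium"   # one sensitive change after the login
        else:
            severity = "low"      # off-hours login only
        findings.append({"user": login["user"], "time": login["ts"].isoformat(),
                         "severity": severity, "followups": sorted(followups)})
    return findings


if __name__ == "__main__":
    for finding in review(EVENTS):
        print(finding)
```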
Phishing victim: what to do?
Report the fraud to the authorities, such as the police department, and to all companies that may be involved in the case. We have more tips here: 6 steps to take after falling for an email scam.