The FBI recently sent out a warning about an email phishing scam aimed at stealing employees' pay. Called "payroll diversion," the social engineering technique captures an employee's payroll account login credentials and then uses them to surreptitiously change the employee's direct deposit to a different account, often a prepaid card. The criminals also disable account change notifications so that the change goes unnoticed for as long as possible. Depending on how often employees are paid and how frequently they check their bank balances, it can be several weeks before the scam is noticed, adding up to hundreds, possibly thousands, of dollars in stolen income.
What can you do to prevent your employees from being victimized? The FBI offers these suggestions:
- Educate your employees about this scheme and tell them to pay close attention to emails asking them to log in to their payroll account through an embedded link. Scammers put effort into making these emails look legitimate; a quick glance won't be enough.
- Instruct them to hover over any link to confirm that the address points to the correct website. They should also check for misspellings in the address that are meant to fool the eye (for example, "rn" used to mimic an "m") and confirm that the From address belongs to a legitimate sender.
- Send and post reminders instructing employees never, under any circumstances, to share personally identifying information (including login credentials) by email, or over the phone in response to a "call us" instruction in an email.
- Direct employees to forward suspicious emails requesting personal information to IT or HR.
- Remind them to use a login and password that are unique to their payroll account.
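The two checks in the list above that can be automated are the hover check (does the visible link text match where the link actually goes?) and the "rn for m" misspelling check. The following script is an added example, not part of the FBI guidance or of any vendor's product: it pulls every link out of a constructed sample email body, compares the displayed address with the real target host, squashes a small table of eye-fooling character sequences before comparing the host against a trusted payroll host, and flags internationalized (punycode, `xn--`) labels that can hide look-alike characters. The trusted host `payroll.acme.example`, the sample message and the confusables table are assumptions for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample body of a payroll phishing email (not a real message).
SAMPLE_HTML = """
<p>Your payroll profile needs attention. Sign in to confirm your details:</p>
<a href="http://payroll.acrne.example/login">https://payroll.acme.example/login</a>
<a href="https://xn--pple-43d.example/login">apple.example/login</a>
<a href="https://payroll.acme.example/login">https://payroll.acme.example/login</a>
<a href="https://payroll.acme.example/help">Help</a>
"""

# Assumption: the organization's only legitimate payroll portal host.
TRUSTED_HOSTS = {"payroll.acme.example"}

# Character sequences that fool the eye at a quick glance; "rn" for "m" is the
# classic one. Small illustrative table, not an exhaustive confusables list.
CONFUSABLES = {"rn": "m", "vv": "w", "0": "o", "1": "l"}

# Matches link text that itself looks like a URL or bare hostname.
URL_LIKE = re.compile(r"^(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/?#].*)?$", re.I)


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def decode_idn(host):
    """Render punycode labels (xn--...) as the Unicode a user would see."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host


def squash_confusables(host):
    """Replace eye-fooling sequences so 'acrne' compares equal to 'acme'."""
    for seq, real in CONFUSABLES.items():
        host = host.replace(seq, real)
    return host


def check_link(href, text, trusted=TRUSTED_HOSTS):
    """Return the sorted findings for one anchor; an empty list means it looks fine."""
    findings = set()
    host = (urlparse(href).hostname or "").lower()
    if host not in trusted:
        findings.add("untrusted-host")
        if squash_confusables(host) in {squash_confusables(t) for t in trusted}:
            findings.add("lookalike-host")   # e.g. payroll.acrne.example
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.add("punycode-label")       # homoglyph domains hide behind IDN
    m = URL_LIKE.match(text)
    if m and m.group(1).lower() != host:
        findings.add("text-href-mismatch")   # what is shown is not where it goes
    return sorted(findings)


def audit_email(html, trusted=TRUSTED_HOSTS):
    """Return (href, visible text, findings) for every link in the message body."""
    parser = LinkExtractor()
    parser.feed(html)
    return [(href, text, check_link(href, text, trusted)) for href, text in parser.links]


if __name__ == "__main__":
    for href, text, findings in audit_email(SAMPLE_HTML):
        shown = decode_idn(urlparse(href).hostname or "")
        print(f"{shown:28} {findings or 'ok'}")
```

The first sample link reproduces the "rn for m" trick from the list (acrne for acme) and also displays the real portal address while pointing elsewhere, which is exactly what hovering would reveal; the second uses a Cyrillic "а" that only shows up once the `xn--` label is decoded. A mail gateway or a help-desk triage script can run the same checks on forwarded messages, but the human rule stands: any of these findings means do not click, forward the email to IT or HR.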
For your payroll, HR, and IT teams it is important that they are vigilant as well.
- Apply heightened scrutiny to changes to direct deposit details initiated by employees. If something seems amiss, contact the employee directly through a known channel rather than by replying to the change request.
- Monitor for unusual login activity: increased activity, logins outside normal work hours, logins from unfamiliar addresses, etc.
- Restrict internet access on systems that handle sensitive information, or implement two-factor authentication for access to sensitive systems and information.
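The monitoring steps above come together naturally in one rule set: treat every employee-initiated direct deposit change as something to verify, and raise its priority when the same account recently showed the signals the scam produces (a login from an address not seen before, a login outside working hours, a burst of logins, or notifications being switched off). The script below is an added example written for this article, not code from the FBI, Newtek, or iSolved; it runs those rules over a constructed payroll-portal event log. The event format, the 07:00-19:00 working-hours window, the 24-hour correlation window, the login-burst threshold and the per-user baseline of previously seen IPs are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events from a payroll self-service portal (not real data):
# (local timestamp, user, event, source IP, detail)
EVENTS = [
    ("2019-10-01T09:02:00", "alice", "login", "198.51.100.10", ""),
    ("2019-10-01T09:03:00", "alice", "view_paystub", "198.51.100.10", ""),
    ("2019-10-02T23:41:00", "alice", "login", "203.0.113.77", ""),
    ("2019-10-02T23:42:00", "alice", "notifications_changed", "203.0.113.77", "off"),
    ("2019-10-02T23:45:00", "alice", "direct_deposit_changed", "203.0.113.77", "account ending 4411"),
    ("2019-10-03T10:15:00", "bob", "login", "198.51.100.20", ""),
    ("2019-10-03T10:20:00", "bob", "direct_deposit_changed", "198.51.100.20", "account ending 9087"),
    ("2019-10-04T08:00:00", "carol", "login", "198.51.100.30", ""),
    ("2019-10-04T08:10:00", "carol", "login", "198.51.100.30", ""),
    ("2019-10-04T08:20:00", "carol", "login", "198.51.100.30", ""),
    ("2019-10-04T08:30:00", "carol", "login", "198.51.100.30", ""),
]

# Assumed baseline: addresses each user was seen from over the previous 90 days.
BASELINE_IPS = {"alice": {"198.51.100.10"}, "bob": {"198.51.100.20"}, "carol": {"198.51.100.30"}}

WORK_HOURS = (7, 19)                    # assumption: 07:00-19:00 is normal
CORRELATION_WINDOW = timedelta(hours=24)  # assumption: signals older than this are ignored
LOGIN_BURST_THRESHOLD = 3               # assumption: more than 3 logins a day is unusual


def analyze(events, baseline=BASELINE_IPS):
    """Return alert dicts for risky logins, notification changes and every deposit change."""
    known_ips = {user: set(ips) for user, ips in baseline.items()}
    recent_flags = defaultdict(list)   # user -> [(time, flag)]
    logins_per_day = defaultdict(int)  # (user, date) -> count
    alerts = []
    for ts, user, event, ip, detail in sorted(events):   # ISO timestamps sort chronologically
        t = datetime.fromisoformat(ts)
        flags = []
        if event == "login":
            if ip not in known_ips.setdefault(user, set()):
                flags.append("new-ip")
                known_ips[user].add(ip)
            if not (WORK_HOURS[0] <= t.hour < WORK_HOURS[1]):
                flags.append("off-hours")
            logins_per_day[(user, t.date())] += 1
            if logins_per_day[(user, t.date())] == LOGIN_BURST_THRESHOLD + 1:
                flags.append("login-burst")   # fire once, on the login that crosses the line
        elif event == "notifications_changed" and detail == "off":
            flags.append("notifications-off")
        elif event == "direct_deposit_changed":
            # Every deposit change is reviewed; recent signals on the same
            # account decide whether it jumps the queue.
            signals = sorted({f for ft, f in recent_flags[user] if t - ft <= CORRELATION_WINDOW})
            alerts.append({"user": user, "time": ts, "rule": "deposit-change-review",
                           "severity": "high" if signals else "medium",
                           "signals": signals, "detail": detail})
            continue
        for flag in flags:
            recent_flags[user].append((t, flag))
            alerts.append({"user": user, "time": ts, "rule": flag, "severity": "low", "ip": ip})
    return alerts


def pending_reviews(alerts):
    """Deposit changes payroll staff should confirm with the employee directly."""
    return [a for a in alerts if a["rule"] == "deposit-change-review"]


if __name__ == "__main__":
    for a in analyze(EVENTS):
        print(a)
```

In the sample, alice's change is flagged high because it follows an off-hours login from an address never seen before and a notification opt-out, which is the pattern the article describes; bob's routine change still gets a medium-priority review, because the guidance is to scrutinize all of them, not only the obviously odd ones. Calling the employee on a number already on file, never a number supplied in the request, is the verification step the rule feeds.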
When asked if clients using Newtek Payroll & Benefits Solution's iSolved powered payroll platform were susceptible to this new email phishing scam, Chris Manzello, SVP of Newtek Payroll and Benefits Solutions, said, "We have multiple levels of security. Our platform will send a notification to the user with a 6-digit code if they are using an unfamiliar IP address. Username and password are not enough."
If an employee becomes a victim of one of these scams, encourage them to report it to their local FBI field office and to file a complaint with the IC3 (www.ic3.gov) that includes the words "payroll diversion".