FBI warns of scam targeting direct deposit paychecks


WASHINGTON – The FBI is warning employees about a new scam targeting their paychecks.

In the rip-off, criminals who pose as human resources employees send emails asking victims to update their direct deposit information, WPTV reports.

The emails include a link that takes employees to websites that appear similar to the ones they use at their workplace. Believing the website to be legitimate, victims enter their usernames and passwords, enabling the hackers to steal personal information.

According to the FBI's announcement, the criminals then take personal information and use it to access the employees' real work website and set up new accounts for direct deposit.

Many times the direct deposits are redirected to a prepaid card.

The FBI has offered these recommendations for businesses and employees to avoid the scam:

  • Alert and educate your workforce about this scheme, including preventative strategies and appropriate reactive measures should a breach occur.
  • Instruct employees to hover their cursor over hyperlinks included in emails they receive to view the actual URL. Ensure the URL is actually related to or associated with the company it purports to be from.
  • Instruct employees to refrain from supplying log-in credentials or personally identifying information in response to any email.
  • Direct employees to forward suspicious requests for personal information to the information technology or human resources department.
  • Ensure that log-in credentials used for payroll purposes differ from those used for other purposes, such as employee surveys.
  • Apply heightened scrutiny to bank information initiated by employees seeking to update or change direct deposit credentials.
  • Monitor employee logins that occur outside normal business hours.
  • Restrict access to the Internet on systems handling sensitive information or implement two-factor authentication for access to sensitive systems and information.
  • Only allow required processes to run on systems handling sensitive information.
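
As an added illustration (not part of the FBI announcement or the original report), the sketch below shows how a payroll team could combine two of the recommendations above: it queues a direct deposit change for manual review when the login that preceded it fell outside business hours, or when the new destination is a prepaid card. The event format, field names, business hours and sample records are all assumptions constructed for this example.

```python
from datetime import datetime

# Assumed policy: business hours are 07:00-19:00 local time, Monday to Friday.
BUSINESS_START, BUSINESS_END = 7, 19

# Constructed sample audit events from a hypothetical payroll portal:
# (timestamp, user, action, destination type for deposit changes)
EVENTS = [
    ("2024-03-05T09:12:00", "alice", "login", ""),
    ("2024-03-05T09:20:00", "alice", "direct_deposit_change", "bank"),
    ("2024-03-06T02:41:00", "bob", "login", ""),
    ("2024-03-06T02:44:00", "bob", "direct_deposit_change", "prepaid_card"),
    ("2024-03-09T14:05:00", "carol", "login", ""),  # a Saturday
    ("2024-03-09T14:10:00", "carol", "direct_deposit_change", "bank"),
    ("2024-03-12T11:00:00", "dave", "login", ""),
    ("2024-03-12T11:03:00", "dave", "direct_deposit_change", "prepaid_card"),
]

def is_off_hours(ts):
    """True for weekends or times outside the assumed business hours."""
    return ts.weekday() >= 5 or not (BUSINESS_START <= ts.hour < BUSINESS_END)

def review_queue(events):
    """Return (user, timestamp, reasons) for deposit changes needing review."""
    last_login = {}  # user -> datetime of most recent login
    flagged = []
    for raw_ts, user, action, detail in sorted(events):
        ts = datetime.fromisoformat(raw_ts)
        if action == "login":
            last_login[user] = ts
        elif action == "direct_deposit_change":
            reasons = []
            login = last_login.get(user)
            if login is None:
                reasons.append("no_login_seen")
            elif is_off_hours(login):
                reasons.append("off_hours_login")
            if detail == "prepaid_card":
                reasons.append("prepaid_destination")
            if reasons:
                flagged.append((user, raw_ts, reasons))
    return flagged

if __name__ == "__main__":
    for user, ts, reasons in review_queue(EVENTS):
        print(f"{ts} {user}: hold for verification ({', '.join(reasons)})")
```

A flagged change is a prompt to confirm the request with the employee through a separate channel before the next pay run, not proof of compromise.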