While online payroll accounts are certainly convenient for both employers and employees, they are also the target of cybercriminals. The Internet Crime Complaint Center (IC3), a division of the FBI, has been receiving reports of payroll accounts being compromised, and has therefore issued the following public service warning about payroll direct deposit fraud, how to protect your employee’s accounts, and what to do if an employee is a victim of this cybercrime.
Cybercriminals Utilize Social Engineering Techniques to Obtain Employee Credentials to Conduct Payroll Diversion
The IC3 has received complaints reporting cybercriminals are targeting the online payroll accounts of employees in a variety of industries. Institutions most affected are education, healthcare, and commercial airway transportation.
Methodologies
Cybercriminals target employees through phishing emails designed to capture an employee’s login credentials. Once the cybercriminal has obtained an employee’s credentials, the credentials are used to access the employee’s payroll account in order to change their bank account information. Rules are added by the cybercriminal to the employee’s account preventing the employee from receiving alerts regarding direct deposit changes. Direct deposits are then changed and redirected to an account controlled by the cybercriminal, which is often a prepaid card.
Recommendations
To mitigate the threat of payroll diversion:
- Alert and educate your workforce about this scheme, including preventative strategies and appropriate reactive measures should a breach occur.
- Instruct employees to hover their cursor over hyperlinks included in emails they receive to view the actual URL. Ensure the URL is actually related to or associated with the company it purports to be from.
- Instruct employees to refrain from supplying login credentials or personally identifying information in response to any email.
- Direct employees to forward suspicious requests for personal information to the information technology or human resources department.
- Ensure that login credentials used for payroll purposes differ from those used for other purposes, such as employee surveys.
- Apply heightened scrutiny to bank information initiated by employees seeking to update or change direct deposit credentials.
- Monitor employee logins that occur outside of normal business hours.
- Restrict access to the Internet on systems handling sensitive information or implement two-factor authentication for access to sensitive systems and information.
- Only allow required processes to run on systems handling sensitive information.
Victim Reporting
The FBI encourages victims to report information concerning suspicious or criminal activity to their local FBI field office, and file a complaint with the IC3 at www.ic3.gov. If your complaint pertains to this particular scheme, then please note payroll diversion in the body of the complaint.
GTM firmly believes in protecting our clients and partners and their confidential information, which is why we voluntarily undergo a rigorous examination and assessment process for SOC 1 compliance, an internationally-recognized standard developed by the American Institute of Certified Public Accountants (AICPA) that is recognized as a mark of service quality.