(406) 248-6178 | (208) 228-9685 Rocky Mountain/Inland Northwest        

Payroll Fraud


Public Service Announcement from the Federal Bureau of Investigation

Cybercriminals Utilize Social Engineering Techniques To Obtain Employee Credentials To Conduct Payroll Diversion

Alert Number: I-091818-PSA

Questions regarding this PSA should be directed to your local FBI Field Office.
Local Field Office Locations: www.fbi.gov/contact-us/field-offices

The IC3 has received complaints reporting cybercriminals are targeting the online payroll accounts of employees in a variety of industries. Institutions most affected are education, healthcare, and commercial airway transportation.

METHODOLOGIES

Cybercriminals target employees through phishing emails designed to capture an employee’s login credentials. Once the cybercriminal has obtained an employee’s credentials, the credentials are used to access the employee’s payroll account in order to change their bank account information. Rules are added by the cybercriminal to the employee’s account preventing the employee from receiving alerts regarding direct deposit changes. Direct deposits are then changed and redirected to an account controlled by the cybercriminal, which is often a prepaid card.

RECOMMENDATIONS

To mitigate the threat of payroll diversion:

VICTIM REPORTING
The FBI encourages victims to report information concerning suspicious or criminal activity to their local FBI field office, and file a complaint with the IC3 at www.ic3.gov. If your complaint pertains to this particular scheme, then please note payroll diversion in the body of the complaint.

Source: https://www.ic3.gov/media/2018/180918.aspx