Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

FBI Warns of Cyber-Thieves Targeting Payroll Accounts

Cybercriminals are targeting the online payroll accounts of employees in a variety of industries to divert funds, the Federal Bureau of Investigation (FBI) warns.

Cybercriminals are targeting the online payroll accounts of employees in a variety of industries to divert funds, the Federal Bureau of Investigation (FBI) warns.

According to an alert from the FBI’s Internet Complaint Center (IC3), numerous such attacks have been already reported, with education, healthcare, and commercial airway transportation being the most impacted industries.

The preferred attack method is phishing, which allows cybercriminals to capture an employee’s login credentials. Armed with this information, the cybercriminals then access the employee’s payroll account and swiftly change their bank account information.

The cyber-thieves also add rules to the employees’ payroll accounts to ensure that they do not receive alerts regarding direct deposit changes. Next, the attackers change direct deposits and redirect them to accounts they control.

Payroll diversion, the FBI says, can be mitigated through educating employees about the scheme and through informing them on preventative strategies and appropriate reactive measures they should take once a breach has occurred.

“Instruct employees to hover their cursor over hyperlinks included in emails they receive to view the actual URL. Ensure the URL is actually related to or associated with the company it purports to be from,” the FBI says.

Phishing relying on URLs is successful due to the use of links that closely resemble those of websites owned by the organizations they purport to be from, but instead take the victim to pages controlled by the attackers.

The FBI also notes that instructing employees to not provide log-in credentials or personally identifying information in response to any email should mitigate phishing risks as well. Employees should also be taught to forward any suspicious requests for personal information to the information technology or human resources department.

Advertisement. Scroll to continue reading.

Organizations should also ensure that the credentials used for payroll purposes are different from those used for other purposes. Heightened scrutiny to bank information initiated by employees when looking to update or change direct deposit credentials and monitoring employee logins that occur outside normal business hours should also mitigate the risks associated with payroll diversion.

Furthermore, organizations are advised to restrict access to the Internet on systems handling sensitive information and to consider adopting two-factor authentication for access to sensitive systems and information. Allowing only required processes to run on systems handling sensitive information is yet another mitigating factor.

Related: BEC Scam Losses Top $12 Billion: FBI

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.