FBI Warns of Cyber-Thieves Targeting Payroll Accounts

Cybercriminals are targeting the online payroll accounts of employees in a variety of industries to divert funds, the Federal Bureau of Investigation (FBI) warns.


According to an alert from the FBI’s Internet Complaint Center (IC3), numerous such attacks have already been reported, with education, healthcare, and commercial airway transportation being the most impacted industries.

The preferred attack method is phishing, which allows cybercriminals to capture an employee’s login credentials. Armed with this information, the cybercriminals then access the employee’s payroll account and swiftly change their bank account information.

The cyber-thieves also add rules to the employees’ payroll accounts to ensure that they do not receive alerts regarding direct deposit changes. Next, the attackers change direct deposits and redirect them to accounts they control.

Payroll diversion, the FBI says, can be mitigated by educating employees about the scheme and by informing them of preventative strategies and the appropriate reactive measures they should take once a breach has occurred.

“Instruct employees to hover their cursor over hyperlinks included in emails they receive to view the actual URL. Ensure the URL is actually related to or associated with the company it purports to be from,” the FBI says.

Phishing relying on URLs is successful due to the use of links that closely resemble those of websites owned by the organizations they purport to be from, but instead take the victim to pages controlled by the attackers.

The FBI also notes that instructing employees to not provide log-in credentials or personally identifying information in response to any email should mitigate phishing risks as well. Employees should also be taught to forward any suspicious requests for personal information to the information technology or human resources department.


Organizations should also ensure that the credentials used for payroll purposes are different from those used for other purposes. Applying heightened scrutiny to bank information changes initiated by employees looking to update or change direct deposit credentials, and monitoring employee logins that occur outside normal business hours, should also mitigate the risks associated with payroll diversion.

Furthermore, organizations are advised to restrict access to the Internet on systems handling sensitive information and to consider adopting two-factor authentication for access to sensitive systems and information. Allowing only required processes to run on systems handling sensitive information is yet another mitigating factor.
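The sequence described above (login, a rule that suppresses alerts, then a direct deposit change) can be checked for in payroll audit logs. The following is an added example, not part of the FBI alert or the original article; the event schema, action names, business hours and one-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample audit events (hypothetical schema: time, user, action).
EVENTS = [
    ("2018-09-18T02:14:00", "jdoe", "login"),
    ("2018-09-18T02:16:00", "jdoe", "notification_rule_added"),
    ("2018-09-18T02:19:00", "jdoe", "direct_deposit_changed"),
    ("2018-09-18T10:05:00", "asmith", "login"),
    ("2018-09-18T10:20:00", "asmith", "direct_deposit_changed"),
    ("2018-09-19T23:40:00", "bwong", "login"),
]

BUSINESS_HOURS = range(8, 18)   # assumed 08:00-17:59 local time
WINDOW = timedelta(hours=1)     # assumed correlation window


def review_direct_deposit_changes(events):
    """Return (user, time, reasons) for every direct deposit change.

    Every change is surfaced for review; reasons list the risk signals
    seen for the same user within WINDOW before the change.
    """
    findings = []
    recent = {}  # user -> list of (timestamp, action) seen so far
    for ts, user, action in sorted(events):
        when = datetime.fromisoformat(ts)
        history = recent.setdefault(user, [])
        if action == "direct_deposit_changed":
            reasons = []
            for prev_when, prev_action in history:
                if when - prev_when > WINDOW:
                    continue
                if prev_action == "login" and prev_when.hour not in BUSINESS_HOURS:
                    reasons.append("off-hours login")
                if prev_action == "notification_rule_added":
                    reasons.append("alert rule added before change")
            findings.append((user, ts, reasons))
        history.append((when, action))
    return findings


def high_risk(findings):
    """Changes preceded by at least one risk signal."""
    return [f for f in findings if f[2]]


if __name__ == "__main__":
    for user, ts, reasons in high_risk(review_direct_deposit_changes(EVENTS)):
        print(f"{ts} {user}: hold change for verification ({', '.join(reasons)})")
```

Changes with an empty reasons list still appear in the full findings, so they can go through the normal verification applied to employee-initiated bank detail updates.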


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
