FBI: Phishing scam targeting victims' direct bank deposits
Posted October 8, 2018 7:34 a.m. EDT
Updated October 8, 2018 3:23 p.m. EDT
Federal law enforcement authorities are sounding a warning about a scam that targets workers' paychecks.
According to the latest alert from the FBI, cyber criminals are attempting to obtain direct deposit information so as to drain bank accounts.
The scam begins with an an email that appears to be from your Human Resources Department or payroll people. The email includes a link to what looks like the victim's work website.
The link requires workers to sign in, and once they do, the criminals are able to obtain their target's banking information.
It's called spear phishing and amounts to targeted emails that are sent to specific organizations. The FBI says it's mostly happening to workers at universities, hospitals and school districts.
Once the scammers have access to login information, they are able to log into their victims' real payroll website, and re-direct their bank direct deposit. The money can be rerouted to another account or prepaid card.
Cybercriminal experts say, to make things worse, the criminals turn off the employees' notifications.
"All these people are sitting around for a paycheck that doesn't come," said Chris Mayhorn, a cybercrime expert and professor of psychology at at North Carolina State University. "In fact, the bad guys have diverted that money to their own account. (The victims) have been robbed and it could be as long as 30 days before people even notice."
Experts say one thing you can do is hover over the link in the email to see if it doesn't look right or if it leads to another website.
If anything seems suspicious, experts say workers should contact their payroll department.
For more info: FBI warning on payroll diversion