Thieves target direct deposits through email scam

October 26, 2018

If you use an employee self-service tool to manage the direct deposit of your paycheck, beware of this new email scam.

How the direct deposit scam works

According to the Federal Bureau of Investigation (FBI), thieves are impersonating your Human Resources department or payroll service provider by sending fake emails that try to trick you into providing your payroll login credentials.

This phishing attempt may arrive through your work or personal email account and contain a fake link to a site that looks very much like your office payroll site. Once the criminals have obtained your direct deposit login credentials, they try to guess your online banking login details, on the assumption that your payroll login is closely related to your bank login. If successful, they then change your bank account settings.

The new online banking settings prevent you from receiving alerts about your direct deposit. Future direct deposits are redirected to an account controlled by the criminal, which is often a prepaid card.

How to protect yourself against the scam

  • Do not share login credentials in any email response!
  • Ensure the login credentials you use for payroll differ from those you use for other accounts, such as your online banking login.
  • Ensure the URL provided in the email is actually associated with the company it claims to be from. If you’re in doubt about the website listed in the email, hover your cursor over the hyperlink(s) to view the actual URL before clicking.
  • Contact your HR department or the payroll service provider by phone to confirm that any action is actually required before clicking any links or taking any action.
  • Enable two-factor (or two-step) authentication if your process for changing payroll information offers that feature. This can greatly limit the impact of the scam even if your credentials are disclosed through a phishing site.
  • Learn to spot the red flags of phishing scams. If you receive a suspicious request, contact your financial institution directly by typing the URL into your web browser or calling their toll-free number directly.
  • Delete the email request.

What to do if you’re a victim

If your direct deposit payroll is linked to a Credit Union account, call the 24/7 Member Services line at 888.732.8562 to update your account settings; calls may be recorded for quality assurance. Otherwise call your related financial institution. Then file a complaint with the FBI’s Internet Crime Complaint Center (IC3), adding “payroll diversion” in the body of the complaint.
