You are here

Cyber Criminals Utilize Social Engineering Techniques to Obtain Employee Credential to Conduct Payroll Diversion

Cyber Criminals Utilize Social Engineering Techniques to Obtain Employee Credential to Conduct Payroll Diversion

Created: Thursday, September 20, 2018 - 13:25
Categories:
Cybersecurity

The FBI’s Internet Crime Complaint Center (IC3) has released a Public Service Announcement (PSA) noting it has has received complaints reporting cybercriminals are targeting the online payroll accounts of employees in a variety of industries. According to the PSA, cyber criminals target employees through phishing emails designed to capture an employee’s login credentials. Once the cyber criminal has obtained an employee’s credentials, the credentials are used to access the employee’s payroll account in order to change their bank account information. Rules are added by the cyber criminal to the employee’s account preventing the employee from receiving alerts regarding direct deposit changes. Direct deposits are then changed and redirected to an account controlled by the cybercriminal, which is often a prepaid card. The PSA includes a series of recommendations for mitigating the threat of payroll diversion. FBI IC3.