If your paycheck hits your bank account through direct deposit, be on the lookout for emails requesting personal information including log-in credentials — they could be a phishing scam by hackers who want to access your bank account.
The Federal Bureau of Investigation (FBI) has released a warning in regards to hackers targeting direct deposit paychecks. Industries such as education, healthcare and commercial airway transportation have experienced these recent threats through phishing emails.
The FBI warning comes as cyber criminals target the online payroll accounts of employees in a variety of industries, especially those in education, healthcare and commercial aviation.
What is phishing? It’s a scam that involves targeting employees through phony emails designed to bait the reader — hence the word “phishing” — and capture their login credentials. The login credentials are used to access individual payroll accounts in order to change bank account information, according to the agency; the cyber thieves then block alerts to consumers warning of changes to their direct deposits, which are then redirected to another account, often a prepaid card controlled by scammers.
Cybercriminals are attempting to access employee login credentials in order to login and change bank routing information and move funds to a pre-paid card. Once the change has been made in the employee’s account, an additional block is also implemented so that the employee will not be alerted to bank information edits in the system.
Those receiving paychecks through automated direct deposit accounts should be attentive to changes in their settings. Users should confirm that the account listed is accurate and be weary of emails asking for any login information. Passwords to bank accounts should also be unique and secure as to prevent any financial hacking attempts.
Employees should hover their cursor over hyperlinks in any emails to view the URL to ensure it’s actually related to the company it purports to be from, and any suspicious requests should be forwarded to company IT or HR departments, the FBI advised.
Most importantly, do not supply login credentials or personally identifying information in response to any email, the agency said.
The alert follows complaints to the FBI’s Internet Crime Complaint Center, or IC3, the agency said in a public service announcement last week.