The FBI warns that cyber criminals are posing as HR employees and using a phishing scam to get employees to provide the scammer with access to the company’s self-service payroll platform.

When employees click on the link within the scammer’s email and provide the requested information, they unknowingly provide the scammer with their W-2 and pay stub information. The scammer can then change direct deposit instructions, passwords, credentials and email addresses linked to the account to avoid detection. In the majority of cases, employers were not aware of anything until workers reported they weren’t receiving their wages.

To prevent this from happening at your organization, please review the FBI’s suggestions to keep your employees safe:

  • Practice good e-mail hygiene. Train your employees to watch for phishing attacks and suspicious malware links. Checking the actual sender e-mail address rather than just the display name can be crucial to spotting the attack early.
  • Human Resources self-service platforms should have two-factor authentication. An example would be requiring users to enter a second password that is e-mailed to them or a code from a hard token.
  • Self-service platforms should also have alerts set up for administrators so that unusual activity can be caught before money is lost. These alerts may include banking information being changed to online banks typically used by fraudsters, or account changes made from Tor node IP addresses.
  • Companies can set a time delay between a change of direct deposit information in the self-service portal and the actual deposit of funds into the new account, to decrease the chance of funds being stolen.
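The two technical controls above (administrator alerts on suspicious direct-deposit changes, and a holding period before a new account is paid) can be implemented as a small review step that runs over payroll change events. The code below is an added illustration, not from the FBI notice or any payroll vendor; the watchlist routing numbers, Tor exit IPs, employee names and dates are all constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed watchlists an HR/payroll administrator would maintain.
# In practice the Tor exit list is refreshed from a public feed and the
# routing-number list comes from prior fraud cases; these values are made up.
WATCHLIST_ROUTING = {"000000001"}      # banks seen in earlier payroll-diversion fraud
TOR_EXIT_IPS = {"198.51.100.7"}         # Tor exit-node addresses
HOLD_DAYS = 3                           # delay before a newly added account is paid


@dataclass
class DepositChange:
    employee: str
    old_routing: str
    new_routing: str
    source_ip: str
    changed_at: datetime


def review_change(change: DepositChange, next_payday: datetime) -> dict:
    """Return admin alert reasons for a direct-deposit change and whether payroll
    may send funds to the new account on next_payday.

    A change is paid to the new account only if the holding period has elapsed
    AND no alert fired; alerted changes stay on the old account pending review."""
    alerts = []
    if change.new_routing in WATCHLIST_ROUTING:
        alerts.append("new routing number is on the fraud watchlist")
    if change.source_ip in TOR_EXIT_IPS:
        alerts.append("change submitted from a Tor exit node")
    hold_until = change.changed_at + timedelta(days=HOLD_DAYS)
    return {
        "employee": change.employee,
        "alerts": alerts,
        "hold_until": hold_until,
        "pay_to_new_account": not alerts and next_payday >= hold_until,
    }


# Constructed sample events: a watchlisted bank, a Tor-sourced change, and a benign one.
SAMPLE_CHANGES = [
    DepositChange("alice", "000000100", "000000001", "203.0.113.5", datetime(2019, 2, 1)),
    DepositChange("bob", "000000100", "000000200", "198.51.100.7", datetime(2019, 2, 1)),
    DepositChange("carol", "000000100", "000000200", "203.0.113.9", datetime(2019, 2, 1)),
]

if __name__ == "__main__":
    for c in SAMPLE_CHANGES:
        print(review_change(c, next_payday=datetime(2019, 2, 15)))
```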


For more information on e-mail security concerns, check out our Sentinel Safeguards.
