www.taxprofessionals.com - TaxProfessionals.com

FBI: Hackers Rerouting Direct Deposits

The FBI has warned that hackers have started targeting direct deposit paychecks in a recent scheme that is circulating across a large variety of industries.

According to the FBI alert, it has received complaints that cybercriminals are using phishing emails to capture an employee's login credentials. Once they have access, the hackers alter the bank account information and redirect funds to an account that they control. It's usually a prepaid card.

Worse, officials say the hackers find ways to keep the employee from getting alerts about direct deposit changes, so it is quite possible you will not even know that your paycheck has been rerouted.

To keep your paychecks from being rerouted, the FBI encourages you to forward any suspicious requests for personal information to the human resources or information technology department at your company.

Further recommendations from the FBI for dealing with hackers rerouting direct deposits are:

  • Educate and alert your employees about the scheme, including preventative strategies and suitable reactive measures should a breach happen.
  • Instruct your workforce to hover their cursors over hyperlinks included in the emails they receive to see the actual URL. Make sure that the URL is associated with or related to the organization it purports to be from.
  • Instruct your employees not to give personal information or log-in credentials in response to any email.
  • Direct your workforce to forward all suspicious requests for personal information to the human resources or information technology department.
  • Make sure that the log-in credentials used for payroll purposes differ from those used for other purposes, such as employee surveys.
  • Apply heightened scrutiny to bank information initiated by employees seeking to change or update direct deposit credentials.
  • Monitor employee logins that happen outside business hours.
  • Restrict access to the Internet on systems that handle sensitive information, and implement two-factor authentication for access to sensitive information and systems.
  • Allow only the required processes to run on systems that handle sensitive information.
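
The recommendations to scrutinize direct deposit changes and to monitor off-hours logins can be combined with the alert-suppression behavior described earlier. The following Python is an added example, not taken from the FBI alert or from this article; the audit-event field names, the 08:00 to 18:00 business hours and the 72-hour look-back window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample payroll-portal audit events; field names are hypothetical.
SAMPLE_EVENTS = [
    {"ts": "2018-07-09T09:15:00", "user": "asmith", "action": "login"},
    {"ts": "2018-07-09T09:20:00", "user": "asmith", "action": "bank_change"},
    {"ts": "2018-07-10T23:41:00", "user": "bjones", "action": "login"},
    {"ts": "2018-07-10T23:43:00", "user": "bjones", "action": "notification_change"},
    {"ts": "2018-07-10T23:47:00", "user": "bjones", "action": "bank_change"},
    {"ts": "2018-07-14T11:05:00", "user": "clee", "action": "login"},  # a Saturday
    {"ts": "2018-07-16T10:30:00", "user": "clee", "action": "bank_change"},
]

def off_hours(ts, start=8, end=18):
    """True on weekends or outside start..end local time (assumed business hours)."""
    return ts.weekday() >= 5 or not (start <= ts.hour < end)

def review_bank_changes(events, window=timedelta(hours=72)):
    """Return one review record per direct deposit change, listing the risk
    signals seen for the same user within the preceding window."""
    history = {}  # user -> list of (timestamp, signal)
    reviews = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        seen = history.setdefault(ev["user"], [])
        if ev["action"] == "login" and off_hours(ts):
            seen.append((ts, "off_hours_login"))
        elif ev["action"] == "notification_change":
            # Alert settings touched shortly before a bank change is the
            # suppression pattern the alert describes.
            seen.append((ts, "alerts_changed"))
        elif ev["action"] == "bank_change":
            signals = sorted({s for t, s in seen if ts - t <= window})
            reviews.append({
                "user": ev["user"],
                "ts": ev["ts"],
                "signals": signals,
                # Every change is still verified; signals only raise priority.
                "priority": "high" if signals else "routine",
            })
    return reviews

if __name__ == "__main__":
    for record in review_bank_changes(SAMPLE_EVENTS):
        print(record)
```

Because the attacker may have changed the account's notification settings, confirmation of a flagged change should go through a channel that is not configured inside the payroll portal, such as a phone number already on file with HR.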

The FBI also encourages victims to report information concerning criminal or suspicious activity to their local FBI office, and then to file a complaint with IC3 at www.ic3.gov. If the complaint relates to this specific scheme, note "payroll diversion" in the body of the complaint.

FBI Warning

The FBI is warning everyone who has direct deposit set up for their paycheck. Officials say that cybercriminals are targeting online payroll accounts at hospitals, school districts, and universities.

In a few cases, officials say, employers discovered the scam only when their employees began complaining that they had not received their paychecks through direct deposit.

How the Scam Works

Officials say it starts with a phishing email that tricks you into handing over your login credentials. According to the FBI, the email might look quite real.

Once the scammer has your credentials, they can use them to get into the payroll account and change the direct deposit. The money is deposited directly onto prepaid cards.

The scammers then use these prepaid cards to make cash withdrawals from ATMs or to make purchases at restaurants, gas stations, retail stores, and grocery stores, among others.

Increasing Rate of Scams

The FBI said it has seen an increase in this kind of scam. In 2017, the Internet Crime Complaint Center and FBI reported around seventeen payroll scam cases.

In July 2018, there were about forty-seven reported cases, with losses totaling 1 million dollars. How can you protect yourself from this kind of scam? Officials say that you should not provide log-in information in response to any email, and that you should not reply to or click on suspicious links.

Keep in mind that phishing emails are typically sent outside business hours. If you suspect that you are being victimized, or have received a phishing email, forward the suspicious request to the HR or IT department.