There’s a new phishing scam to look out for, according to the FBI, and this one directly targets your paycheck. As WJHL reports, cyber-criminals are hacking into employees’ payroll accounts and rerouting their direct deposits.
The scam has grown from 17 reported cases in 2017 to 47 as of this past July, enough for the FBI to release an announcement warning the public of the security threat. The scam starts with an email asking a worker to share the login credentials to their employee account. Law enforcement officials say to be overly cautious regarding any emails asking about your payroll, as the fake message reportedly looks very convincing.
Once the scammers have the information they need, they infiltrate the employee’s account and update it to deposit future paychecks to a prepaid card. On payday, the thieves use these cards to withdraw cash or make purchases—often before the worker has a chance to realize what’s happened. Over $1 million have been stolen this way in 2018.
The scam has been targeting school districts, universities, and hospitals, but anyone who uses direct deposit at their job should be on alert for suspicious emails. Be wary of messages you receive outside of normal work hours: This is when many phishing emails are sent. If an email contains a link, hover your cursor over it before clicking to confirm the URL is associated with your workplace. And even if you don’t see any immediate red flags, forward emails that ask for your login credentials to your HR department to make sure they’re legitimate. For more common phishing scams, check out our list.