Crooks use stolen info to change bank account information

Sep 28, 2018 16:06 GMT

The US Federal Bureau of Investigation (FBI) in collaboration with the Internet Crime Complaint Center (IC3) issued a public service announcement detailing a new phishing campaign targeting the online payrolls of US employees.

"The IC3 has received complaints reporting cybercriminals are targeting the online payroll accounts of employees in a variety of industries," says the report. "Institutions most affected are education, healthcare, and commercial airway transportation."

According to multiple complaints received by IC3, threat actors use social engineering techniques to gather information on employees and then devise custom phishing e-mails which ask for login credentials.

After the crooks get their hands on an employee's credentials, they go straight into the victim's online payroll account and change the bank account information to redirect funds to an account of their own.

The bad actors behind the phishing scheme are quite astute at what they're doing, since they also take great care to stop any future direct deposit alerts from reaching the victim's e-mail or phone.

The attackers use a combination of e-mail phishing and social engineering to steal payroll login credentials

As discovered by IC3, the attackers replace the victim's bank account with a prepaid card account they own, both to avoid detection and to prevent any law enforcement agencies that might get their hands on the account details from finding them.
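The pattern described above, a bank account change on a payroll profile combined with the disabling of deposit alerts, is something a payroll portal's audit log can be checked for. The following Python code is an added example, not part of the FBI/IC3 announcement; the event names, the log layout and the one-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample audit events (hypothetical layout: time, user, action, source IP).
SAMPLE_EVENTS = [
    ("2018-09-20T09:02:11", "asmith", "login", "203.0.113.7"),
    ("2018-09-20T09:03:40", "asmith", "direct_deposit_changed", "203.0.113.7"),
    ("2018-09-20T09:04:05", "asmith", "deposit_alerts_disabled", "203.0.113.7"),
    ("2018-09-21T14:10:00", "bjones", "login", "198.51.100.4"),
    ("2018-09-21T14:12:30", "bjones", "direct_deposit_changed", "198.51.100.4"),
    ("2018-09-22T08:00:00", "cdoe", "login", "192.0.2.9"),
    ("2018-09-22T08:01:00", "cdoe", "deposit_alerts_disabled", "192.0.2.9"),
    ("2018-09-25T17:30:00", "cdoe", "direct_deposit_changed", "192.0.2.9"),
]

WINDOW = timedelta(hours=1)  # assumed correlation window, tune per environment


def find_payroll_diversion(events, window=WINDOW):
    """Return (user, change_time, alert_time) for every account where a bank
    account change and an alert-disable happen within `window` of each other,
    in either order. A bank change alone (bjones) or two events days apart
    (cdoe) is not flagged by this rule."""
    changes, disables = {}, {}
    for ts, user, action, _ip in events:
        when = datetime.fromisoformat(ts)
        if action == "direct_deposit_changed":
            changes.setdefault(user, []).append(when)
        elif action == "deposit_alerts_disabled":
            disables.setdefault(user, []).append(when)

    hits = []
    for user, change_times in changes.items():
        for changed in change_times:
            for disabled in disables.get(user, []):
                if abs(changed - disabled) <= window:
                    hits.append((user, changed, disabled))
    return sorted(hits)


if __name__ == "__main__":
    for user, changed, disabled in find_payroll_diversion(SAMPLE_EVENTS):
        print(f"REVIEW {user}: deposit changed {changed}, alerts disabled {disabled}")
```

Accounts flagged this way are candidates for out-of-band confirmation with the employee before the next payroll run.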

The FBI and the IC3 also have some recommendations for mitigating this e-mail phishing-based payroll diversion attack.

Employers should make sure that all their employees know about this phishing campaign and train them on how to prevent an attack and how to react if they are targeted by an attacker.

Employees must make sure that all links they receive in e-mails are associated with the individual or company contacting them, and must not use the same password for their payroll as for other online services.