For many, the convenience of having a paycheck deposited directly into their checking account is something they have come to rely on. It provides a no-hassle way to ensure that money is available for bills to be paid on time.
As with any banking transaction, however, scam artists are always looking for new ways to try to get their hands on your money. That now includes a form of phishing that takes aim directly at victims’ wallets and targets their direct deposit information.
Here's how it works:
An employee receives an email that mimics a trusted source. The e-mail asks the employee to click on a link, go to a website or answer a survey. Then, it directs the employee to “confirm” his or her identity by providing his or her log-in credentials. Skeptical employees who reply to the email are given a quick response, verifying the employee should complete the steps contained in the email.
The scam artists then use the employee’s log-in credentials to access payroll portals, reroute direct deposits to other accounts and jeopardize the employer’s network. In some versions of the scam, hackers access employee e-mails to request a password change from the employer’s payroll service, and then use the new log-in credentials to change direct deposit instructions.
According to the Better Business Bureau, some of the ways employees can try to avoid becoming victim to this kind of theft include the following:
Got a question for the BBB? Contact Regional Director Kelly Trevino at email@example.com.
Can't find something?