The Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) is warning US payroll departments about a wave of attacks intended to steal employees' login credentials and break into their online payroll accounts.
According to Dark Reading, criminal gangs send their targets phishing emails designed to trick them into revealing their login details. They then use these credentials to access employees' payroll, change their bank account data and add new rules, which mean the victim fails to receive alerts regarding direct deposit changes.
At this point, IC3 warned, money is redirected to an account controlled by the attackers, usually a prepaid card. The Center advised employers to alert staff to the rising incidence of the scheme and to educate them on both reactive and preventative measures.
For example, they should be instructed to hover their cursor over hyperlinks in emails in order to view the URL and ensure it relates to the company it claims to be. They should also know not to provide login data or other personally identifiable information in response to any email.
Payroll login information should likewise differ from credentials used for other purposes, the report continued, and more scrutiny should be given to bank information provided by employees who ask to update their direct deposit information.
Elsewhere, two men have been sentenced to jail time by a US federal court for using stolen identities to open bank accounts and fraudulently obtain federal income tax refunds.
Doherty Kushimo, of Rhode Island, was sentenced to eight years in jail and ordered to pay US$335,725 for conspiracy to commit wire fraud and aggravated identity theft, Erie News Now reported. He sold stolen identities that were used to open bank accounts and file fraudulent federal tax returns. The bank accounts were then used to collect federal tax refunds.
Adebola Mejule, of New York, was sentenced to five years in jail after likewise being convicted on conspiracy to commit wire fraud by using stolen identities in order to fraudulently obtain federal income tax refunds. Mejule stole the identities from his employer, New York Social Services, before giving them to two co-defendants to use in preparing fraudulent tax returns, according to court documents.
Mejule opened bank accounts using stolen identities and directed the others to do the same, the court said. The bank accounts were used to electronically collect fraudulently-obtained federal income tax refunds. Mejule then had the account holders return the lion’s share of the deposits to him.
Emma Woollacott is a freelance business journalist. Her work has appeared in a wide range of publications, including the Guardian, the Times, Forbes and the BBC.
OTHER ARTICLES THAT MAY INTEREST YOU
Eight steps to prevent payroll fraud
US payroll clerk convicted of grand theft
The Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center (IC3) is warning US payroll departments about a wave of attacks intended to steal employees' login credentials and break into their online payroll accounts.
According to Dark Reading, criminal gangs send their targets phishing emails designed to trick them into revealing their login details. They then use these credentials to access employees' payroll, change their bank account data and add new rules, which mean the victim fails to receive alerts regarding direct deposit changes.
At this point, IC3 warned, money is redirected to an account controlled by the attackers, usually a prepaid card. The Center advised employers to alert staff to the rising incidence of the scheme and to educate them on both reactive and preventative measures.
For example, they should be instructed to hover their cursor over hyperlinks in emails in order to view the URL and ensure it relates to the company it claims to be. They should also know not to provide login data or other personally identifiable information in response to any email.
Payroll login information should likewise differ from credentials used for other purposes, the report continued, and more scrutiny should be given to bank information provided by employees who ask to update their direct deposit information.
Elsewhere, two men have been sentenced to jail time by a US federal court for using stolen identities to open bank accounts and fraudulently obtain federal income tax refunds.
Doherty Kushimo, of Rhode Island, was sentenced to eight years in jail and ordered to pay US$335,725 for conspiracy to commit wire fraud and aggravated identity theft, Erie News Now reported. He sold stolen identities that were used to open bank accounts and file fraudulent federal tax returns. The bank accounts were then used to collect federal tax refunds.
Adebola Mejule, of New York, was sentenced to five years in jail after likewise being convicted on conspiracy to commit wire fraud by using stolen identities in order to fraudulently obtain federal income tax refunds. Mejule stole the identities from his employer, New York Social Services, before giving them to two co-defendants to use in preparing fraudulent tax returns, according to court documents.
Mejule opened bank accounts using stolen identities and directed the others to do the same, the court said. The bank accounts were used to electronically collect fraudulently-obtained federal income tax refunds. Mejule then had the account holders return the lion’s share of the deposits to him.
Emma Woollacott is a freelance business journalist. Her work has appeared in a wide range of publications, including the Guardian, the Times, Forbes and the BBC.
OTHER ARTICLES THAT MAY INTEREST YOU
Eight steps to prevent payroll fraud
US payroll clerk convicted of grand theft
