The FBI Warns of Cybercriminals Trying to Steal Paychecks by Rerouting Direct Deposits

Published on

A public service announcement issued by the FBI Internet Crime Complaint Center (IC3) warns of cybercriminals trying to obtain login credentials to online payroll systems in order to reroute direct deposit paychecks into their own bank accounts. Take a little time to help ensure that your paycheck arrives safe and sound, and be alert to the payroll diversion scam.

What Is Payroll Diversion?

A wide variety of tactics are reportedly used for this socially engineered scam.

In one version of the scam, cybercriminals send phishing emails that convincingly look like they come from an employer’s HR department. (Remember, scammers often use email spoofing to make a message seem like it originates from a legitimate or familiar source.) The phishing email may claim that the employee needs to update or confirm their payroll system login information. Scammers may then provide a link to a website that accurately mimics the employer’s payroll system website, but is actually run by the scammers and enables them to collect employee login information.

In another take on the scam, the employee may receive a phishing email–again, that looks like it comes from a legitimate company account—to respond to a survey.  But instead of taking a legitimate work-related survey, the employee may be directed to a fraudulent online form where they are prompted to enter username and password—and unknowingly hand those login credentials directly over to scammers.

Cybercriminals have even been brazen enough to call a company’s employee resource hotline in some cases, providing some of the employee’s personal information to reset their password and subsequently take over the direct deposit.

Regardless of the method used, once the cybercriminals get their hands on the login credentials, they may try to access the online payroll account with the goal of changing the employee’s bank account information to their own and stealing the employee’s paycheck. The criminal may even alter the notification rules to ensure that the victim isn’t alerted to the change.

The scam doesn’t typically last long, as most people notice if they haven’t received their paycheck, but the scammers can manage to get their hands on at least some of the money.

How to Better Avoid Payroll Diversion and Other Phishing Attacks

To better protect yourself from payroll diversion scams and other types of phishing attacks, read the Federal Trade Commission’s tips on how to better detect and avoid phishing.

If you believe you are a victim of payroll diversion or another scam, report the incident to the local FBI field office, file a complaint with the FBI Internet Crime Complaint Center (IC3) at, and inform your employer so they can warn other employees and help stop the payroll diversion.

Comments are closed.

%d bloggers like this: