April 29 2019

Police Say Director Deposit Scam Once Again On the Rise


The Burlington Police Department is warning of the return of a scam that attempts to get your pay before it even hits your bank account.

“Do you do Direct Deposit?,” police asked in a Facebook post. “This is a warning from the FBI last year but there has been a recent upswing in this activity.”

According to police, the FBI’s Internet Crime Complaint Center says to be aware of fraudsters who are targeting your paycheck via direct deposit.

“Any worker can be affected by this scam, but the industries getting hit the hardest include education, health care, and commercial airway transportation,” a release from the FBI states.

Here’s what happens: the scammers uses your work login info to get into your employer’s HR system to replace your direct deposit information with his own.

It starts when an employee receives an email that looks just familiar enough that he doesn’t question it too much, the FBI release explains. The email includes a link or web address that the user clicks on. Once he clicks, he will be directed to a fraudulent site or portal where the victim will be asked to enter his work credentials to confirm his identity. The scammers use that login ID and password to change the employee’s direct deposit information in the company’s files. Often, the fraudsters even change other account settings in the system, preventing the victim from receiving an email warning that changes have been made to his account.

Here’s how employees can avoid being scammed:

- Make sure you verify with your employer that a suspicious email is valid. Send it to your office’s HR or IT departments for confirmation.

- Keep an eye out for any misspelled words, odd phrasing, and poor grammar. These could be indications that the email is coming from elsewhere in the world.

- If the email includes any links to web pages, hover your mouse over the link and confirm that the URL is exactly the same as that used by the payroll company. Don’t click if you are not 100% sure.

Here are some steps that businesses can take to protect their employees:

- Teach your employees what a phishing scam is and how to avoid it.

- Require that login credentials used for payroll purposes differ from those used for other purposes, such as employee surveys.

- Use two-factor authentication on sensitive systems and information.

- Create protocols that require additional scrutiny to banking changes that appear to be requested by employees.

“In the end, a little extra hassle in the short term may prevent a big headache in the long run,” the FBI says. “As always, if you have been victimized by a cyber fraud, be sure to report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your local FBI office.”


Web Design by Polar Design