FBI - Oregon
Emergency Messages as of 7:49 am, Fri. Mar. 29
No information currently posted.
Subscribe to receive FlashAlert messages from FBI - Oregon.
Primary email address for a new account:

  
And/or follow our FlashAlerts via Twitter

About FlashAlert on Twitter:

FlashAlert utilizes the free service Twitter to distribute emergency text messages. While you are welcome to register your cell phone text message address directly into the FlashAlert system, we recommend that you simply "follow" the FlashAlert account for FBI - Oregon by clicking on the link below and logging in to (or creating) your free Twitter account. Twitter sends messages out exceptionally fast thanks to arrangements they have made with the cell phone companies.

Click here to add FBI - Oregon to your Twitter account or create one.

@FBIPortland

Hide this Message


Manage my existing Subscription

News Release
TT - Payroll Phishing Scams - GRAPHIC
TT - Payroll Phishing Scams - GRAPHIC
Oregon FBI Tech Tuesday: Building a Digital Defense Against Payroll Phishing Scams (Photo) - 10/16/18

Welcome to the Oregon FBI’s Tech Tuesday segment. This week: Building a digital defense against payroll phishing scams.

The FBI’s Internet Crime Complaint Center is out with a new warning about fraudsters who are targeting your paycheck via direct deposit. Any worker can be affected by this scam – but the industries getting hit the hardest include education, healthcare and commercial airway transportation.

Here’s what happens: the bad guy uses your work login info to get into your employer’s HR system to replace your direct deposit information with his own.

It starts when an employee receives an email that looks just familiar enough that he doesn’t question it too much. The email includes a link or web address that the user clicks on. Once he clicks, he will be directed to a fraudulent site or portal where the victim will be asked to enter his work credentials to confirm his identity. The bad guys use that login ID and password to change the employee’s direct deposit information in the company’s files. Often, the fraudsters even change other account settings in the system, preventing the victim from receiving an email warning that changes have been made to his account.  

Here’s how employees can avoid being scammed:

  • Make sure you verify with your employer that a suspicious email is valid. Send it to your office’s HR or IT departments for confirmation.
  • Keep an eye out for any misspelled words, odd phrasing and poor grammar. These could be indications that the email is coming from elsewhere in the world.
  • If the email includes any links to web pages, hover your mouse over the link and confirm that the URL is exactly the same as that used by the payroll company. Don’t click if you are not 100% sure.

Here are some steps that businesses can take to protect their employees:

  • Teach your employees what a phishing scam is and how to avoid it.
  • Require that login credentials used for payroll purposes differ from those used for other purposes, such as employee surveys.
  • Use two-factor authentication on sensitive systems and information.
  • Create protocols that require additional scrutiny to banking changes that appear to be requested by employees.

Iin the end, a little extra hassle in the short term may prevent a big headache in the long run. As always, if you have been victimized by a cyber fraud, be sure to report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your local FBI office.

###

View more news releases from FBI - Oregon.