MILWAUKEE -- Cybercriminals are apparently making a new attempt to get access to your bank account -- and the FBI recently issued a warning about the scammers' tactics.
The FBI alert says cybercriminals are targeting employees through phishing emails designed to capture your login credentials. Once they get that information, officials say the scammers use the credentials to access a person's payroll account in order to change their bank account information.
The FBI recommends the following to avoid becoming a victim:
- Instruct employees to hover their cursor over hyperlinks included in emails they receive to view the actual URL. Ensure the URL is actually related to or associated with the company it purports to be from.
- Instruct employees to refrain from supplying log-in credentials or personally identifying information in response to any email.
- Direct employees to forward suspicious requests for personal information to the information technology or human resources department.
- Ensure that log-in credentials used for payroll purposes differ from those used for other purposes, such as employee surveys.
- Apply heightened scrutiny to bank information initiated by employees seeking to update or change direct deposit credentials.
- Monitor employee logins that occur outside normal business hours.
- Restrict access to the Internet on systems handling sensitive information or implement two-factor authentication for access to sensitive systems and information.
- Only allow required processes to run on systems handling sensitive information.
The FBI encourages victims to report information concerning suspicious or criminal activity to their local FBI field office, and file a complaint with the IC3 at www.ic3.gov.