​Computer and Technology Crime High-Tech Response Team

SCAM OF THE WEEK: wAVE OF PAYROLL Direct Deposit Phishing attacks

A new wave of phishing scams has circulated throughout the internet. It involves phishing employees with a website that is similar or almost

​identical to payroll portals or payroll service providers. It's a sophisticated scam that starts with an official-looking email that asks you to click a link and access a website.  Next, they ask you to confirm with data of your real username and password. They use your info to access payroll portals, and reroute your direct deposits to other bank accounts. Never give your credentials in an email... Think before you click!

Here is a scenario provided by Lexology from Ogletree Deakins by Rebecca J. Bennett and Danielle Vanderzanden:

  • Employee receives from a company email account that mimics a familiar and trusted company service or resource
    • ​Example: An e-signature request or a request to complete a survey
  • Email requires an employee to click a link, access a website, or answer a couple questions. 
  • Website asks employee to enter login credentials to "confirm" their identity
  • Employees who question the request through replying to the email may receive a prompt or an automated response informing the employee to complete the steps above
  • An employee's login credentials may be used to access their payroll portal and reroute direct deposit into other account
  • Login credentials may also be used to change your password
  • Some versions of the scam will use information filled from the questionnaire or survey to request a new password from payroll portal

Bennet and Vanderzanden have the following advise:

"The threat actors are doing substantial due dillgence on the social engineering side of things, and these e-mails look real. In many circumstances, they are effectively spoofing the sender's account and employers are learning of the scam when employees begin reporting that they did not receive their direct deposites. By then, the damage has been done."

  • Alert your workforce of this scam
  • Employees should forward any emails in question to their IT department or HR department, rather than replying to the email
  • Login credentials or personal identifying information should be not be exchanged through email
  • If possible, establish multi-factor authentication
  • Use a separate and different password for your payroll service login from other logins


Cyber criminals have stolen 143 million credit records in the recent hacking scandal at the big-three credit bureau, Equifax
​At this point you have to assume that the bad guys have highly personal information that they can use to trick you 

You need to watch out for the following things:

  • Phishing emails that claim to be from Equifax where you can check if your data was compromised.
  • ​Phishing emails that claim there is a problem with a credit card, your credit record, or other personal financial information
  • Calls from scammers that claim they are from your bank or credit union
  • Fraudulent charges on any credit card because your identity was stolen 

Here are​ 5 things you can do to prevent identify theft:

  • First sign up for credit monitoring (there are many companies providing that service including Equifax but we can't make a recommendation)
  • Next place a fraud alert with one of the major credit bureaus Equifax, Experian and TransUnion.  ​Placing a fraud alert is free and stays on your credit report for 90 days
  • Check your credit reports for free at
  • Check your bank and credit card statements for any unauthorized activity
  • If you believe you may have been the victim of identity theft, here are two sites where you can learn more about how to protect yourself and

Think Before You Click!


To keep updated with current scams, The Federal Trade Commission (FTC) provides scam alerts you can sign up for via email.
​These scam alerts include information on what to know and what to do about the latest scams.

For more information visit:


According to the Internal Revenue Service (IRS), phishing is a scam carried out through phone calls, unsolicited email and/or websites that pose as legitimate sites to lure unsuspecting victims to provide personal and financial information.

​Here are some current examples of phishing:​

  • If you receive an email from the Taxpayer Advocacy Panel (TAP), regarding your personal tax information, it is a scam. TAP never requests and doesn't have access to any taxpayer's personal and financial information 
  • If you receive a phone call, email message, or any type of contact from the Internal Revenue Service (IRS) regarding your personal or financial information it is a scam 

  • The IRS will never initiate contact with the taxpayer by email, text message or social media to request personal and financial information 

​To report phishing please call: (800) 366-4484 or visit:
Here are current tax scams in relation to phishing:​

Tech support phone scams are when cybercriminals call claiming to be from either Microsoft or any company that provides some type of computer support services. They offer to help resolve any complications with computers or even sell a software license. If given access to a computer, the cybercriminals are able to install malicious software that could steal sensitive information or download software that will allow them to take over your computer. A request for credit card information will be asked to bill you for their "services."

Microsoft does not make unsolicited phone calls. For more information regarding tech support scams please visit:


Ransomware is malware that locks a computer and shows a warning demanding a payment to unlock the computer. When a computer is locked, it is typical for the ransomware warning to state that there has been a violation of federal law, while also displaying a logo from a government agency. Do not pay the ransom! Report ransomware to the Internet Crime Complaint (IC3):

For Further Information on Internet Crime Complaint: ​

You may need to seek the services of a computer specialist to look at your computer and remove the ransomware.
For more information on ransomware please visit:


The arrest warrant scam is when a cybercriminal sends a victim a fake arrest warrant, via email or fax, stating a federal law enforcement officer or an attorney of a government agency wants to arrest them with charges such as money laundering, bank fraud, or missing jury duty.On the arrest warrant, it states to send money to avoid arrest. A valid warrant would be served in person by a U.S. Marshal or other law enforcement officer. Do not send money!

Report arrest warrant scams to the Federal Bureau of Investigation (FBI) or the U.S. Marshals Office.
U.S. Marshals Office