BBB Tip of the Week
The FBI has recently sent out an alert about a phishing scam that targets employees in order to redirect direct deposit paychecks to the scammers.
The scam arrives as an email, pretending to be from human resources, asking employees to update information in their payroll account. The links in the email actually go to a phony website made to look like the actual human resources website. Once the employee user name and password have been entered, the scammer has access to the real account. The thieves then change direct deposit information so that paychecks are delivered to a bank account controlled by the scammers.
So far thieves have targeted university employees. However, any employer with an online human resources portal could be targeted.
The Better Business Bureau and the FBI offer the following tips to avoid phishing scams:
• Use unique, strong passwords for each of your online accounts. Check out advice for strong passwords from the FTC at http://1.usa.gov/1JevnKT.
• Phishing and other scam emails are often plagued with misspellings, incorrect verb tenses, and inappropriate capitalization.
• Never click links or open attachments in suspicious emails.
• Check email links before you click them by hovering your cursor over the link. The actual link destination will show in a pop-up or at the bottom of your browser. If that destination is different from the text in the email or what you know it should be, don’t click it.
• Avoid email links for your online accounts altogether by going directly to the official website in your Internet browser.
• Never send passwords or other sensitive information, like credit card or bank account numbers, to anyone by email.
If you have been the victim of an online scam, you can file a complaint with the FBI’s Internet Crime Complaint Center at www.IC3.gov. If you’ve been targeted by a phishing scam, help prevent others from becoming victims by reporting it to the BBB at www.bbb.org or by calling (509) 455-4200.
By Erin T. Dodge, BBB editor