FBI Portland
Portland Media Office
(503) 460-8060
July 30, 2019

Oregon FBI Tech Tuesday: Building a Digital Defense Against Direct Deposit Scams

Welcome to the Oregon FBI’s Tech Tuesday segment. This week: building a digital defense against direct deposit scams.

We have been getting a number of reports lately from the FBI’s Internet Crime Complaint Center – or IC3.gov – about a particular scam hitting Oregonians hard in recent months.

Here’s how it works. An organization – it can be a government agency, private business, non-profit or educational institution – receives a request from an employee to switch the direct deposit of his paycheck from one account to another. The payroll department responds, sending the supposed employee the required paperwork. The payroll department receives the signed paperwork back, usually with a canceled check for the new account attached. This whole process can happen quickly, sometimes in just a matter of a couple of hours.

The problem is that a fraudster is spoofing the identity of a real employee. Neither the real employee nor the payroll department is aware that there is a problem until the next pay day when the employee doesn’t receive his check.

Employees should always check their bank accounts regularly to confirm that both direct deposits and any withdrawals are legitimate and timely. If you notice something that doesn’t seem right, start making calls right away.

Beyond that, here are some recommendations for employers:

  • Create protocols that require additional scrutiny to banking changes that appear to be requested by employees.
  • If using an online system for payroll changes, require that login credentials used for payroll purposes differ from those used for other purposes, such as employee surveys.
  • Use two-factor authentication on sensitive systems and information. This can be as simple as using tokens or systems that generate one-time PINs requiring people to verify their identity.
  • Set alerts on your systems so that unusual activity may be caught before money is lost. For example, you may get alerted if an alleged employee tries to change his direct deposit to an online bank typically used by fraudsters or is using a TOR network, which allows him to move around the Internet anonymously.
  • Companies can also set a time delay between the changing of direct deposit information in a self-service portal and the actual deposit of funds into the new account to decrease the chance of the theft of funds.

If you have been victimized by this online scam or any other cyber fraud, be sure to report it to the FBI’s Internet Crime Complaint Center at www.ic3.gov or call your local FBI office.