Cyber criminals are impersonating trusted employee self-service websites to steal victims’ personal and financial information, the FBI warns. The scheme primarily targets users of employee self-service platforms, including those used by companies and government services. Scammers use search engine ads to trick individuals into visiting fake websites that look legitimate but are designed to harvest login credentials and financial details.
The fraudulent ads misdirect users to phishing sites where they unknowingly input sensitive information. Once victims log in, their data is stolen, enabling criminals to carry out fraudulent activities such as wire transfers and redirection of payments. While the criminals previously focused on small business accounts, their focus has now shifted to payroll, unemployment programs, and health savings accounts, targeting individuals’ finances directly.
The scammers often pose as customer service representatives, manipulating victims into sharing one-time passcodes. They may also design convincing phishing pages that prompt users to enter their login credentials. By doing so, they gain access to bank accounts, reroute paychecks, and potentially use stolen identities to open new accounts or conduct further fraudulent activities.
The FBI urges Americans to be cautious when clicking on online ads. The agency advises users to type URLs directly into browsers, use ad-blocking extensions, and navigate using bookmarks or favorites. Additionally, individuals should be aware of social engineering techniques designed to trick them into sharing sensitive information.
