The State Department’s oversight office has issued a warning to current and former employees regarding a fraudulent scheme targeting their payroll accounts. The cybercriminals are focused on using phishing, email account takeovers, and social engineering to redirect employee payroll deposits into their own bank accounts. The scheme initially targeted annuity accounts linked to employees’ pension plans, utilizing spoofed email addresses to request modifications to their internal deposit information in the agency’s systems. It later evolved into phishing attempts, including realistic-looking communications aimed at retrieving login data for workers’ Employee Express accounts, a government platform for processing payroll transactions.
This sophisticated scheme also involved a spoofed IRS 1099 form, designed to covertly expose victims’ systems to malware, posing a significant risk to the security of federal employees’ sensitive information. The alert serves as a crucial reminder of the evolving tactics employed by cybercriminals to exploit vulnerabilities in payroll systems and emphasizes the need for robust cybersecurity measures and enhanced employee vigilance to thwart such fraudulent activities.
Reference:
