Industry Alert – FBI Warns of Cybercriminals Targeting Payroll Accounts

September 21, 2018

The Federal Bureau of Investigations (FBI) has issued a new warning about cybercriminals targeting online payroll accounts of employees in a variety of industries. Institutions most affected are education, healthcare, and commercial airway transportation.

The FBI notice states Cybercriminals target employees through phishing emails designed to capture an employee’s login credentials. Once the cybercriminal has obtained an employee’s credentials, the credentials are used to access the employee’s payroll account in order to change their bank account information. Rules are added by the cybercriminal to the employee’s account preventing the employee from receiving alerts regarding direct deposit changes. Direct deposits are then changed and redirected to an account controlled by the cybercriminal, which is often a prepaid card.

To mitigate the threat of payroll diversion the FBI recommends educating employees on how to recognize and report a suspicious email. For more information or to view the Public Service Announcement visit the FBI’s ic3 page:

Protecting client data from malicious activity is a top priority for ADP.
If you ever receive a suspicious email that appears to be from ADP, follow the instructions below to report it:

  • Do not click on any links or open any attachments within the message.
  • Hover over hyperlinks to verify the actual URL so you know where the link is taking you.
  • Forward the email as an attachment to
  • Delete the email.
  • If you clicked any link or opened an attachment in the email, immediately contact your IT support.

ADP investigates reported phishing attempts and, if necessary initiates take down services or issues client alerts. You will not receive a response about the results of your reported email. ADP will only contact you if additional information is needed for their investigation.

Additional Information
For more information about how ADP protects our clients, please visit for the latest security alerts, phishing information, security resources and best practices. Protecting ADP clients and their data from malicious activity has been, and always will be, a top priority for ADP.