State Department warns employees of fraud scheme targeting payroll systems

The State Department’s oversight office is warning current and former employees to be cautious of a fraudulent scheme targeting workers’ payroll accounts.

The Monday alert said that cybercriminals are attempting to use “phishing, email account takeovers, and social engineering” to veer employee payroll deposits into their own bank accounts.

The scheme first targeted annuity accounts, which are linked to employees’ pension plans, by creating email addresses that looked similar to annuitants and used those spoofed accounts to request changes to their internal deposit information in the agency’s systems.

It later evolved into phishing attempts where realistic-looking communications were sent in an attempt to retrieve login data for workers’ Employee Express accounts, a government platform that helps federal employees electronically process their payroll transactions.

One of those phishing attempts included a spoofed IRS 1099 form that, if clicked on, would covertly expose victims’ systems to malware, the agency said.

Federal login data has repeatedly been a target of malicious actors. The Federal Communications Commission in early March confirmed it was the target of a phishing scheme in which hackers built a cloned version of an agency verification site to siphon login credentials used by staff to authenticate their identity.