More than 450 workers at the United States Postal Service (USPS) lost more than $1 million in a direct deposit scam that left postal workers without pay, angry at the USPS for not heeding warnings of the scheme, and the agency scrambling to figure out exactly what happened.
What happened, according to a statement by the USPS quoted in a USA Today article, was the agency was “notified in December about an ‘unusual log-in activity involving a limited number of employees.’ In reality, cybercriminals had for months lured employees searching for their payroll system with a mirror-image-like website that reportedly tricked hundreds of employees into providing their usernames and passwords. The bad actors then used that information to sign in to the real system and reroute employees’ paychecks.”