Cybercriminals hacked into the U.S. Postal Service payroll system, leaving hundreds of mail carriers, handlers and service clerks without paychecks.
According to USA Today, the cybercriminals used a mirror-image of a website that lured postal employees searching for their payroll system.
The hackers tricked hundreds of employees into providing their usernames and passwords. The thieves then used that information to sign in to the real payroll system and reroute employees’ paychecks.
Many postal workers didn’t know their checks were stolen until they were notified in December.
Atlanta mail handler Joe Hoagland said his paystub revealed $900 had been taken out of his paycheck. He is furious that the USPS didn’t take action despite months of warning signs that hackers were in the payroll system.
“I’m the primary breadwinner in my family; this isn’t 200 bucks, this is $900 out of my check,” Hoagland said. “They knew about it for weeks and dragged their feet on telling us.”
Another postal employee said the Postal Service issued them a paycheck for $1.78.
A third postal worker said she didn’t notice anything wrong until all of her automatic payments bounced, which resulted in insufficient funds fees totaling $500.
The American Postal Workers Union says the hacking affected at least 460 of its members who lost at least one direct deposit, for a total of about $1 million.
Some banks returned $500,000 to the postal workers, but other banks said they were not at fault.
The US Postal Service also deflected blame, saying they did nothing wrong.
“We completely disagree,” said Charlie Cash, the union’s industrial relations director. “A lot of these workers in the middle class live paycheck to paycheck, and this happened just before Christmas.”
Kevin Gosschalk, founder and CEO of cybersecurity firm Arkose Labs, said such attacks are “tragically common.” He said the malicious websites come and go before action can be taken against them.
Experts say employees should never click on a link in an email or a text or search result to access a sensitive website. They should bookmark their site or type a URL manually into the browser.
Postal worker Joe Hoagland’s paycheck was re-issued by March, but he recently received notices that credit card applications were being canceled for cards he never applied for.
“I’m a realist; I know there are scammers out there,” Hoagland said. “You just have to protect yourself and realize (the threat) is never going away.”
