USPS workers targeted by fake website scam affecting payroll changes and paychecks.

Hundreds of USPS workers fell victim to a direct deposit scheme that left them without pay after cybercriminals lured employees searching for their payroll system with a mirror-image-like website that tricked them into providing their usernames and passwords. The USPS has denied responsibility, but unions representing postal workers have filed a grievance and are considering escalating the complaint to a national arbitrator. Experts say siphoned money is traditionally moved quickly through other financial networks, offshore or into cryptocurrency, which makes it hard for the justice system to follow the trail. Employees should avoid following links in emails or texts to access sensitive sites and employers should implement multifactor authentication and passwordless authentication including biometrics to safeguard direct deposit systems.