Fraud Alert: Employee and Annuitant Pay Account Takeovers

    Notice Contents

    FRAUD ALERT 2024-01

    Employee and Annuitant Pay Account Takeovers

    The U.S. Department of State (DOS) Office of Inspector General (OIG), Office of Investigations (INV), has become aware of a fraud scheme targeting the payroll accounts of Department of State employees and annuitants. Specifically, the subjects engaged in the scheme are using phishing, email account takeovers, and social engineering to redirect payroll deposits from the employees’ and annuitants’ bank accounts to the subjects’ bank accounts.

    The scheme originally targeted annuitant accounts. The subjects perpetrated the scheme by creating email accounts similar to those of the annuitants and using the spoofed email accounts to request changes to the direct deposit accounts of the annuitants. The scheme later grew to include phishing attempts against employees to obtain identifying information and directly hacking into Employee Express accounts and changing the bank deposit information. One phishing ploy the subjects used was to send emails with revised 1099 forms that appeared to come from the Bureau of the Comptroller and Global Financial Services (CGFS). Clicking a link on the 1099 would then potentially expose a victim’s computer to malware.

    To prevent being victimized, employees and annuitants should practice good cybersecurity habits (to include regularly changing passwords) and be vigilant in confirming the email addresses of alleged government agencies that send links or request sensitive information. Immediately report suspicious emails or other communications, such as texts and phone calls involving payroll, to CGFS and the OIG Computer Incident Response Team (CIRT).

    If you have information about fraud, waste, abuse, mismanagement, or other crimes or violations of federal laws, rules, and regulations relating to Department or U.S. Agency for Global Media programs and operations, please report it to the OIG Hotline. You can submit your complaint at

    The Hotline may be used for unclassified information only. To submit classified information, contact the Hotline at (800) 409-9926 or (202) 647-3320 for further instructions.