Hackers Do a Payroll Diversion Through Phishing A direct deposit paycheck hack involves getting the necessary details from the victim through a phishing scheme. According to a statement about from the FBI’s Internet Crime Complaint Center (IC3), cybercriminals orchestrate the phishing attempt — which the FBI calls a “payroll diversion” — to get the details for a person’s online payroll account. Once successful, the hacker changes the account details for the direct deposit payments to an account they control. Typically, the hackers set up accounts with free email services and create accounts containing a real employee’s name. Trustwave covered BEC payroll hacks in a blog post and mentioned that cybercriminals often make the phishing emails seem to originate from a company’s CEO and go to a human resources or accounting manager, or someone else with the ability to alter an employee’s direct deposit account information. Do the same if someone from payroll emails you asking for your direct deposit details to “update their records.” Another thing you can do is check the structure of the email.