Paltry cybersecurity and slow-moving bureaucracy at the U.S. Postal Service meant hundreds of mail carriers, handlers and service clerks fell victim to a complex direct deposit scheme that left them without pay and angry that the federal government had failed to heed multiple warnings.
Postal leaders downplayed the incident, telling USA TODAY in a statement that they first were notified in December about an “unusual log-in activity involving a limited number of employees.”
In reality, cybercriminals had for months lured employees searching for their payroll system with a mirror-image-like website that reportedly tricked hundreds of employees into providing their usernames and passwords. The bad actors then used that information to sign in to the real system and reroute employees’ paychecks.
