The phishing scam consists of an email asking for one's login information, which—of course—you should never be just handing out willy-nilly anyway. A CBS News report states that the scam has "especially" targeted workers in the education, healthcare, and commercial aviation fields.
"Once the cybercriminal has obtained an employee's credentials, the credentials are used to access the employee's payroll account in order to change their bank account information," the FBI said in a news release earlier this month, characterizing the scam as a "payroll diversion" tactic. "Rules are added by the cybercriminal to the employee's account preventing the employee from receiving alerts regarding direct deposit changes."
Then, the report added, the deposits are rerouted to a prepaid card accessible by the scammers. This means your hard-earned money would then be at immediate risk of being spent by someone who earned absolutely none of it.
Of course, to avoid the resulting headaches these tactics can easily cause, simply avoid clicking links in emails from addresses you don't recognize and keep a close watch on your bank account. Hopefully you already knew that shit.
From 2017 until this July, the reported number of confirmed scam victims has jumped from 17 to 47.