Views 74

Payroll Fraud Alert: Direct Deposit Scam

Recently, there has been an increase in the number of employers across the country who have been targeted by payroll fraudsters. Scammers continue to get more resourceful, cunning, and technically savvy in their attempts to defraud victims by gaining access to financial accounts as well as valuable personal information.

Direct Deposit Change Request

The person who is responsible for processing payroll receives an email communication that seems to come from one of their staff.  The email requests information on how to make a change to their direct deposit account and typically implies some sense of urgency. Typically, the sender seeks to inactivate the old direct deposit account and replace it with a completely new account.

payroll fraud e-mail example

In most cases, employers act in good faith to complete what seems to be a legitimate request.  It is only discovered after the fact that the email did not actually come from an employee, but rather came from someone who is trying to engage in a scam to divert funds. In some cases this may be only be brought to light after the employee misses one or two payroll payments, potentially causing financial distress and late penalties for the employee. The success rate that hackers are experiencing with this type of threat is very high – high enough to compel them to continue getting more and more clever.

Hacker Sophistication

Payroll diversion fraud regularly slips past legacy defenses such as secure email gateways and anti-spam filters because:

  • Fraudulent emails don’t have malicious attachments: Security technology solutions scan for URLs or attachments that contain malware. However, payroll diversion schemes accomplish their mission without malicious links or attachments.
  • Fraudulent emails are targeted: Payroll diversion fraud attacks are not mass-produced phishing emails, scatter-gunned at thousands of targets. These are spear-phishing attacks. The criminals often research their victims through social engineering, gathering personal information, and even emailing when the target employee is on vacation, giving the fraudster more time to avoid detection.
  • Fraudulent emails aren’t easy to detect: Simple pattern matching or metadata-based detection can’t catch payroll diversion fraud attempts.

How to prevent payroll fraud

Payroll diversion fraud is a concern for all businesses. Preventing it can seem hopeless if you don’t have the proper people and processes in place to combat it. Because an employee will not be aware that their name is being spoofed in a fake email, the majority of the responsibility falls on the HR\payroll Dept. to verify all emails that include changes to an employee's payroll information. Having a company-wide policy that any account changes must be verified with the employee is a good policy to have.

  • Always verbally verify with the requesting employee that they submitted the request.
  • Require a voided original check with banking information along with a completed direct deposit form before making changes.
  • Consider utilizing the Employee Self Service functionality within your payroll service\software to allow employees to make Direct Deposit updates themselves.
  • Review Company policy for publishing email addresses and contact information for staff on your website, since this provides cybercriminals with easy access to information to pose as legitimate employees and perpetuate their scheme.

Pro tip: Monday and Tuesday tend to be the most popular days of the week for payroll diversion scams, followed by the second and last weeks of the month. Be on the lookout for subject lines that include “Direct Deposit” as they could be email fraud signals.

If you have any questions, please feel free to contact us at: (201) 720-3775

We Offer:

  • Microsoft Silver Certified Partner
  • Dynamic Support | Managed IT
  • Cloud Computing for Business
Our NJ Services AreaOur NJ Service Area