Today, companies are faced with scams from all fronts, including payroll fraud. Businesses large and small can become targets of this scam. The goal is to have employees’ payroll direct deposits moved to a bank account controlled by the scammer. Social media easily provides enough information about a person’s employment and scammers use social engineering methods to appear to be an employee requesting a payroll direct deposit change.
Here’s an example of how easily this type of scam can be accomplished:
Joe Smith, a sales executive at ABC Medical Supplies, actively uses his LinkedIn profile for networking purposes. His list of LinkedIn connections includes one of the Human Resources employees at ABC Medical Supplies. A scammer uses this information and successfully infiltrates the HR representative’s email using social engineering. Then, the scammer sends an email to the HR rep appearing to be from Joe Smith requesting to change the bank account to which his payroll direct deposit is being made. The HR rep sees that the email came from Joe Smith’s company email address and makes the change. Joe’s next payroll direct deposit gets paid to the scammer’s account and is drained immediately.
Consider some simple best practices to protect against payroll fraud:
- Implement a change verification process for all payroll change requests. Verifications can be done verbally, by postal mail, or by email using an alternate email previously provided.
- For smaller businesses, consider mandating that change requests be made in-person. Document the request on paper, signed by both employee and HR representative.
- For larger businesses, consider using a payroll management system that requires an employee to log in with unique credentials and layers of security like multifactor authentication.
- Take all measures to ensure information security like software patch updates and password security.
If you believe you or your business is the victim of payroll fraud or would like more information, please contact our dedicated Fraud Support team at 833-488-4723.
Find more resources to help protect yourself from fraud on our website here.
