Companies are being scammed out of thousands of dollars, and they may not even realize it.

In recent years, there has been a troubling resurgence of payroll diversion scams, a form of phishing that poses significant risks to both organizations and their employees. In the typical case, a scammer poses as an employee and contacts HR or another member of the company to request a change to that employee's direct deposit information. Read on to take a closer look at how to identify and prevent payroll diversion scams from happening to you.

Understanding Payroll Diversion Scams

At its core, payroll diversion fraud involves the unauthorized redirection of an employee’s paycheck to a bank account controlled by cybercriminals. This scam is typically executed through phishing techniques, where senior leaders, HR representatives, or trusted organizations receive emails masquerading as communications from employees or HR representatives urging immediate action or changes to direct deposit information.

These phishing emails are meticulously crafted, often replicating the company’s branding and email format with alarming accuracy, to deceive employers into updating employees’ direct deposit information and rerouting paychecks to the scammer’s accounts. Once a payroll deposit has landed in the scammer’s account, it is nearly impossible to recover.

Identifying and Preventing Direct Deposit Scams

Key indicators of a payroll diversion attempt include unexpected emails requesting personal or financial information, pressure to act swiftly, and generic or inaccurately addressed communications. Knowing what to look for can help you prevent catastrophe.


Common Warning Signs Include:

Signature Discrepancies
Be cautious with direct deposit change forms that come with an attached signature. Despite the prevalence of electronic signatures, they warrant extra scrutiny until the authenticity of the request is confirmed. Watch out for clear errors, such as misspellings or names appearing in reverse order, which serve as indicators of possible deceit.

Requirement of a Voided Check
Demanding a voided check or a bank encoding form with any direct deposit alteration request is a sound practice. Their absence should prompt doubts about the legitimacy of the request. These documents are crucial for confirming that the provided bank details indeed belong to the employee in question.

Email Domain Inconsistencies
Be alert to emails that purport to be from trusted entities like your banking institution or well-known companies but originate from mismatched or suspicious domains, such as a free webmail address (“gmail.com”) or an inaccurately spelled version of the company’s name. This discrepancy is a strong indication of a scam attempt. Some scammers even go as far as to CC a supervisor or the company’s CEO to make the request look more legitimate.


Links and Attachments: Proceed with Caution
Treat any unexpected links or attachments with suspicion. Rather than clicking on a link directly, hover your mouse over it to preview the URL, checking for any discrepancies between it and the supposed sender’s web address. A mismatch or an unfamiliar string of characters in the URL is a clear sign of a scam attempt.
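The warning signs above can be turned into a first-pass triage check that HR or payroll staff (or a mail-filtering rule) can run before anyone acts on a direct deposit change request. The script below is an added example, not code from the original article; it assumes a company domain of example-corp.com and uses two constructed sample messages, one suspicious and one legitimate. It flags webmail and look-alike sender domains, names that are reversed or do not match the employee on file, urgency language, missing voided check or bank encoding form, and links whose host is not the company's domain.

```python
"""Heuristic screening of a direct-deposit change request (added example).

Scores an inbound request against the warning signs listed in the article.
The company domain and all sample messages below are constructed for the
example; nothing here is a real address or employee.
"""
from dataclasses import dataclass, field
from urllib.parse import urlparse

COMPANY_DOMAIN = "example-corp.com"          # assumed company domain
WEBMAIL_DOMAINS = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
URGENCY_WORDS = ("asap", "immediately", "urgent", "before payroll", "today")
EXPECTED_ATTACHMENTS = {"voided_check", "bank_encoding_form"}


@dataclass
class ChangeRequest:
    from_name: str
    from_addr: str
    subject: str
    body: str
    attachments: set = field(default_factory=set)   # attachment labels
    links: list = field(default_factory=list)       # URLs found in the body
    employee_name_on_file: str = ""                 # from the HR record


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; small inputs, so a plain DP is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _looks_alike(domain: str, expected: str) -> bool:
    """True for common typo-squats: digit/letter swaps or one character off."""
    if domain == expected:
        return False
    normalised = domain.replace("0", "o").replace("1", "l").replace("rn", "m")
    return normalised == expected or _edit_distance(domain, expected) <= 1


def screen(req: ChangeRequest) -> list:
    """Return the warning signs found; an empty list means none were found."""
    flags = []
    dom = _domain(req.from_addr)
    if dom in WEBMAIL_DOMAINS:
        flags.append(f"sender uses webmail domain {dom}")
    elif dom != COMPANY_DOMAIN:
        if _looks_alike(dom, COMPANY_DOMAIN):
            flags.append(f"sender domain {dom} is a look-alike of {COMPANY_DOMAIN}")
        else:
            flags.append(f"sender domain {dom} is not the company domain")
    if req.employee_name_on_file:
        shown = req.from_name.lower()
        on_file = req.employee_name_on_file.lower()
        if set(shown.split()) != set(on_file.split()):
            flags.append("display name does not match employee on file")
        elif shown != on_file:
            flags.append("employee name appears in a different order than on file")
    text = f"{req.subject} {req.body}".lower()
    if any(word in text for word in URGENCY_WORDS):
        flags.append("urgency language")
    missing = EXPECTED_ATTACHMENTS - req.attachments
    if missing:
        flags.append("missing " + ", ".join(sorted(missing)))
    for url in req.links:
        host = (urlparse(url).hostname or "").lower()
        if host != COMPANY_DOMAIN and not host.endswith("." + COMPANY_DOMAIN):
            flags.append(f"link host {host} does not match company domain")
    return flags


# Constructed sample messages.
SUSPICIOUS = ChangeRequest(
    from_name="Smith Jane",
    from_addr="jane.smith@example-c0rp.com",
    subject="Urgent: update my direct deposit before payroll",
    body="Please change my account ASAP. New routing/account attached.",
    attachments={"new_account_details"},
    links=["http://example-corp-payroll.net/update"],
    employee_name_on_file="Jane Smith",
)
LEGITIMATE = ChangeRequest(
    from_name="Jane Smith",
    from_addr="jane.smith@example-corp.com",
    subject="Direct deposit change request",
    body="Attached are my voided check and the bank encoding form.",
    attachments={"voided_check", "bank_encoding_form"},
    employee_name_on_file="Jane Smith",
)

if __name__ == "__main__":
    for label, req in (("suspicious", SUSPICIOUS), ("legitimate", LEGITIMATE)):
        print(label, "->", screen(req) or "no warning signs")
```

A non-empty result is a reason to pause and verify, not proof of fraud; the point is that every flag corresponds to one of the checks a person would otherwise have to remember to make by hand.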

The Role of Vigilance and Verification

Educating employees about the dangers of phishing and the importance of secure communication channels is crucial. Organizations should enforce strict password policies and encourage the use of multifactor authentication (MFA) to add an additional layer of security.

Moreover, implementing a multi-step verification process for any change to direct deposit information is essential. This process could involve verbal confirmation, completion of a Direct Deposit Authorization Form, and adherence to the “four eyes principle,” which requires two separate individuals to approve significant transactions.

Requests for sensitive information or financial transactions should always be met with caution. Verbal confirmation from the requestor, rather than relying solely on email communication, can significantly reduce the risk of falling victim to these scams.

Additionally, organizations should monitor for tell-tale signs of fraudulent activity, such as mismatched names and emails, undue urgency, and the absence of expected documentation like voided checks. Attention to detail and adherence to established procedures for payroll changes are invaluable defenses against these sophisticated threats.
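The verification process described in this section can be enforced in software rather than left to memory. The following is an added example, not code from the article or from any payroll product: it models a change-control workflow in which a direct deposit update is applied only after the required documents are attached, a verbal callback to the phone number already on file has been recorded, and two distinct approvers have signed off. The employee record, phone number, account digits and approver names are constructed sample data.

```python
"""Change-control workflow for direct-deposit updates (added example).

Models the multi-step verification the article recommends.  A request is
applied only when three independent controls are satisfied:
  1. the Direct Deposit Authorization Form and a voided check are attached,
  2. a verbal callback to the employee's phone number ON FILE is recorded
     (a number supplied in the request itself is exactly what a scammer
     would control, so it is never used), and
  3. two different people have approved the change (four-eyes principle).
All names, numbers and account digits are constructed sample data.
"""
from dataclasses import dataclass, field
from typing import Optional

REQUIRED_DOCS = {"direct_deposit_authorization_form", "voided_check"}


class VerificationError(Exception):
    """Raised when a control has not been satisfied."""


@dataclass
class Employee:
    employee_id: str
    name: str
    phone_on_file: str        # from the HR record, not from the request
    account_last4: str


@dataclass
class DepositChange:
    employee_id: str
    new_account_last4: str
    requested_via: str        # "email", "portal", ...
    documents: set = field(default_factory=set)
    callback_verified_to: Optional[str] = None
    approvers: list = field(default_factory=list)
    applied: bool = False


def record_callback(change: DepositChange, employee: Employee,
                    number_dialed: str, confirmed: bool) -> None:
    """Record the verbal confirmation; only a call to the number on file counts."""
    if number_dialed != employee.phone_on_file:
        raise VerificationError("callback must use the phone number on file")
    if not confirmed:
        raise VerificationError("employee did not confirm the change")
    change.callback_verified_to = number_dialed


def approve(change: DepositChange, approver: str) -> None:
    """Add an approver; the same person cannot count twice."""
    if approver in change.approvers:
        raise VerificationError(f"{approver} has already approved this change")
    change.approvers.append(approver)


def apply_change(change: DepositChange, employee: Employee) -> DepositChange:
    """Apply the change only when every control has been satisfied."""
    if change.employee_id != employee.employee_id:
        raise VerificationError("request does not belong to this employee")
    missing = REQUIRED_DOCS - change.documents
    if missing:
        raise VerificationError("missing documents: " + ", ".join(sorted(missing)))
    if change.callback_verified_to != employee.phone_on_file:
        raise VerificationError("no verbal confirmation on record")
    if len(set(change.approvers)) < 2:
        raise VerificationError("four-eyes principle: two distinct approvers required")
    employee.account_last4 = change.new_account_last4
    change.applied = True
    return change


def walk_through() -> list:
    """Drive a constructed request through the controls, satisfying one per
    step, and return what blocked it at each attempt, ending with 'applied'."""
    emp = Employee("E1001", "Jane Smith", "+1-555-0100", "1234")
    chg = DepositChange("E1001", "9876", "email")
    outcome = []
    for step in range(5):
        try:
            apply_change(chg, emp)
            outcome.append("applied")
            break
        except VerificationError as err:
            outcome.append(str(err))
        if step == 0:
            chg.documents |= REQUIRED_DOCS
        elif step == 1:
            record_callback(chg, emp, "+1-555-0100", confirmed=True)
        elif step == 2:
            approve(chg, "hr.clerk")
        elif step == 3:
            approve(chg, "payroll.manager")
    return outcome


if __name__ == "__main__":
    for line in walk_through():
        print(line)
```

The design choice worth noting is that the callback check compares against the HR record, not against anything in the request, and that the approval check counts distinct people: a single approver clicking twice, or an email that CCs an executive, does not satisfy either control.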

Conclusion

As payroll diversion and direct deposit scams continue to evolve, the collective efforts of employers, employees, and cybersecurity professionals are crucial in thwarting these cybercriminals. By fostering an organizational culture of security awareness, enforcing robust verification processes, and remaining vigilant for the signs of fraud, companies can protect their assets and their workforce from the financial and emotional turmoil associated with these scams.