The details of the payroll scam
With this scam, fraudsters are sending illegitimate emails to human resources or payroll individuals, posing as upper management, often a CEO, CFO, or director, and even other colleagues in some cases. The email contains information persuading the recipient to update employee information in your payroll systems including bank account or routing numbers for paychecks. If the scammer succeeds, the payroll funds are direct deposited into the scammer’s account, leaving the business at a loss and an employee with delayed access to their funds.
Warning signs for spoofed emails
There are a few signs you can look out for to help spot these emails before it is too late.
- An email address similar to your organization, with slight differences. The scammer sending these emails will often pose as an individual within your organization by creating email accounts with similar domains and styles. The sender account may be one or two letters from the original account making it hard to spot without a second thought.
- Email with an added sense of urgency. There is often an increased sense of urgency to the message of the email or subject line, so that the updates are made to the system without question. Train your employees to be diligent when it comes to odd requests, set standards for what will and will not be asked of them, and encourage your employees to ask questions when a situation seems out of the ordinary.
- Create a company standard for email signatures. By creating a standard for both design and structure of email signatures, it will give your employees another way to spot suspicious and illegitimate emails.
Keeping your employees informed and engaged is your biggest defense. Get ahead of the fraud by communicating and educating your employees with what’s happening in the industry and how to spot scams before it’s too late. Encourage your staff to verify any payroll requests with the specific employee prior to updating the information. If you ever suspect your business is the victim of a scam, immediately report the incident to law enforcement or with the Internet Crime Complaint Center.
For more tips and tactics on how to protect your business from Fraud, visit our Learning Center!