That being said, it's your role to understand what to look for when it comes to payroll diversion, educate your employees, and implement controls to protect your business.
Here's how payroll diversion works:
- The fraudster sends a phishing email to your employees posing as a legitimate site. The email will often include the payroll website's logo, or even your company's logo, prompting your employee to enter their payroll login information.
- Once your employee enters their confidential information, the fraudster will then use it to log into the legitimate payroll site and edit the account number where the direct deposit is received. The fraudster will change the direct deposit information to their own account number, which is typically linked to a prepaid card.
- After the direct deposit information is updated, the fraudster will often turn off any notifications or emails that are sent on a recurring basis to the employee.
- The fraudster will receive the direct deposit to their own account until the activity is discovered.
Payroll diversion can be a huge risk to your business if you don't take the necessary steps to educate your employees and implement security controls.
Here's what you can do to protect your business:
- Keep an eye out from behind the scenes. In this situation, it's better to be skeptical than taken advantage of by a fraudster. Train your employees to forward suspicious emails to a phishing inbox so you can monitor and advise employees on what emails are fraudulent. You may also monitor employees' logins outside of your working business hours and utilize a payroll system with multiple levels of verification.
- Educate your employees on what to expect. If your employees know your security standards, they will be more apt to recognize a potential phishing email. The standards should be known company-wide and may include statements such as the following: we will never email you requests that require you to enter personal information; all suspicious emails should be forwarded to the IT or security department, ensure login credentials are never repeated from login to login (i.e., network, payroll, benefits), and never click on a link or download an attachment that is not expected.
- Always hover on hyperlinks. While you may have company level security measures in place to protect the inboxes of your employees, payroll diversion can happen inside and outside of the workplace. Train your employees to look for red flags both within their company email and personal, paying close attention to any email claiming to be associated with a “payroll” portal, login, or informational form. Stress the importance of hovering over all hyperlinks included in emails in order to see the actual URL. It's important that the URL is recognizable and associated with the payroll company.
While payroll diversion is a proven and successful scam tactic, educating your employees is the key to protecting your business against this con. As new cyber threats evolve, it's important to keep your employees aware of the latest and enhance your security measures to ensure you are staying ahead of the cyber game.