Be Aware, Payroll Fraud is on the Rise
Payroll fraud is on the rise, especially direct deposit scams. Fraudsters are now targeting organization’s HR departments posing as employees in hopes of persuading HR to change the direct deposit bank information to one that is under new control. In most cases, HR and the employee do not realize a fraud has taken place until after payroll has been paid to the bogus account(s).
How to protect yourselves and your employees
- Check email addresses carefully, one missing/changed character is difficult to spot.
- Make your direct deposit or employee change forms on a shared drive accessed only by your employees, or a company intranet only accessible by employees.
- Requests to change direct deposits to GREEN DOT is typically a sign of fraud.
- Phishing email messages are sometimes short and casual. Typically, they do not have the misspellings, grammar mistakes and exclamation points you may expect. They usually use specific language to create a sense of urgency.
- Have any concerns? Contact that employee directly though their company email to verify request, or call them using an internal extension.
- Some companies require that all direct deposit changes must be done in person.
- Print the email request along with direct deposit form and give a copy back to that employee for verification.
- Require that a voided original check with banking information accompany a direct deposit request.
- Do not make employee emails and contact information accessible on your website. This gives thieves easy access to information to pose as a legitimate employee.
Here what emails may look like:
What to do if you feel you have been a victim of fraud
- Notify your payroll company immediately.
- File a report with your local police department or local FBI office. (Many local police departments will refer to you the FBI due to the nature of the crime.)
- Promptly contact the originating financial institution’s ACH department as soon as the scam is detected. Request a recall or reversal. If bank is local, you may want to visit in person.
- Contact the beneficiary bank (the bank receiving the funds). If local, you may want to visit in person to report the fraud.
- File a complaint with the FBI’s Internet Crime Complaint Center (https://www.ic3.gov/). Be sure to enter all the required data.
- Click HERE for a PSA on the FBI website regarding business email compromise.
- You may want to involve legal counsel for assistance in recovery efforts and/or guidance in the event the funds are not recoverable.
- All compromised parties should notify their IT Support to scan their computer for possible malicious software and possible email account take over.
If you have any questions, reach out to your payroll account manager at 248-543-2644 or email firstname.lastname@example.org.