
May 8, 2019 | Payroll Software | Posted by Ascentis Thought Leadership

Are You at Risk for this New Payroll Fraud Scam?

Attention to detail is a defining trait of most payroll professionals. After all, the trust and financial well-being of a company’s workforce is in the hands of the people who handle the payroll. Even so, we all know that errors can and do happen in a field of work that puts so much stress on precision and accuracy. When you mix in bad actors from outside the system, there’s potential for real trouble.

Payroll departments are currently being warned to be on high alert due to some of those bad actors. A new strain of payroll scam has been turning up across the country, and the IRS reports that the scammers seem to be finding success through a combination of lower stakes and high volume.

How does this payroll scam work?

Essentially, the wire fraud works like this: a scammer contacts a payroll employee via a fake email address that appears to belong to someone within the same company, explaining that routing information for an employee’s direct deposit paycheck needs to be updated. If the scammer succeeds in getting the payroll employee to change the bank account and routing number, the deposits are transferred to an untraceable offshore account owned by the scammers.

If that seems like a weirdly simple scam, that’s exactly the point. Whereas many corporate hacking and phishing scams use complex methods to target big paydays on large wire transfers, this payroll scheme succeeds by focusing on a higher volume of smaller payoffs. The assumption seems to be that a request to change a single employee’s direct deposit information will raise fewer red flags than a larger attack, and will thus be more likely to get approved by an inattentive or busy payroll worker.

In fact, the more basic nature of these thefts is part of what makes them successful. In most reported cases, the thieves take care to use correct spelling and grammar, and to maintain a brief but businesslike tone. That differs greatly from the stereotypical scam email filled with awkward phrasing and creative spellings. It also makes these emails much less detectable to internal security systems that are programmed to scan communications for telltale keywords and language anomalies.

Who is at risk?

The scam takes advantage of workplace trust and familiarity. Oftentimes, the email address involved is designed to mimic that of a payroll employee’s actual supervisor, co-worker, or even the employee whose paycheck is being targeted. The default view of many company email clients displays only the sender’s name, not the full address, so something as simple as creating an account on Gmail or a similar free email provider could make a scam email indistinguishable from a legitimate communication, at least at a glance. An employee who receives a simple, well-written request from a recognizable name might not think twice about fulfilling it as directed.
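The display-name trick described above is easy to check for mechanically, because the full sender address is still in the message headers even when the mail client hides it. The following Python script is an added example, not code from the original article or from Ascentis. It assumes a constructed internal domain (`example.com`), a tiny employee directory mapping display names to their real addresses, and three constructed sample messages. It flags a message whose display name matches a colleague but whose address does not, a Reply-To that points somewhere other than the From address (a variant the article does not mention, added here because it produces the same effect), and any request to change bank or direct-deposit details, then triages the combination.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed assumptions for this example: the organisation's mail domain and
# a small directory of display name -> real address. A real deployment would
# pull this from the HR system or the mail directory.
INTERNAL_DOMAIN = "example.com"
EMPLOYEE_DIRECTORY = {
    "Jane Doe": "jane.doe@example.com",  # payroll supervisor
    "Sam Lee": "sam.lee@example.com",    # employee whose pay might be redirected
}

# Phrases that mark a payroll-change request; used only to route the message
# into the verification process, not as the sole detection signal.
CHANGE_TERMS = re.compile(
    r"direct deposit|routing number|account number|bank (account|details)", re.I
)


def _norm(name):
    """Collapse whitespace and case so 'Sam  Lee' and 'sam lee' compare equal."""
    return " ".join(name.split()).casefold()


def _domain(address):
    return address.rsplit("@", 1)[-1] if "@" in address else ""


def analyse_message(raw_message, directory=EMPLOYEE_DIRECTORY,
                    internal_domain=INTERNAL_DOMAIN):
    """Return a list of human-readable findings about one RFC 5322 message.

    An empty list means the sender identity looked consistent and the message
    does not ask for a payroll change.
    """
    msg = message_from_string(raw_message)
    findings = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_addr = from_addr.casefold()
    known = {_norm(n): a.casefold() for n, a in directory.items()}
    key = _norm(display_name)

    # The name the recipient sees belongs to a colleague, but the address
    # behind it is not that colleague's address (e.g. a free-mail account).
    if key in known and known[key] != from_addr:
        findings.append(
            f"display name '{display_name}' belongs to {known[key]} "
            f"but mail is from {from_addr}"
        )
    elif _domain(from_addr) != internal_domain:
        findings.append(f"external sender {from_addr}")

    # A spoofed From header can look internal while replies are steered elsewhere.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    reply_to = reply_to.casefold()
    if reply_to and reply_to != from_addr:
        findings.append(f"Reply-To {reply_to} differs from From {from_addr}")

    body = msg.get_payload() if not msg.is_multipart() else ""
    if CHANGE_TERMS.search(msg.get("Subject", "") + "\n" + body):
        findings.append("requests a change to bank or direct deposit details")

    return findings


def triage(findings):
    """'escalate' if a change request has a sender inconsistency, 'verify' for
    any change request (the article's rule: never act on email alone),
    'normal' otherwise."""
    change = any(f.startswith("requests a change") for f in findings)
    identity = any(not f.startswith("requests a change") for f in findings)
    if change and identity:
        return "escalate"
    if change:
        return "verify"
    return "normal"


# Constructed sample messages (not real mail).
LEGIT = """From: Jane Doe <jane.doe@example.com>
To: payroll@example.com
Subject: Q2 reports

Please send me the Q2 headcount report when you have a minute.
"""

LOOKALIKE_NAME = """From: Sam Lee <sam.lee.personal@gmail.com>
To: payroll@example.com
Subject: Direct deposit update

Hi, I changed banks. Please update my routing and account number before Friday's run.
"""

SPOOFED_REPLY_TO = """From: Sam Lee <sam.lee@example.com>
Reply-To: <sam.lee.personal@gmail.com>
To: payroll@example.com
Subject: Quick update

Please update my bank account details; I'll send the new numbers when you reply.
"""

if __name__ == "__main__":
    for label, raw in [("legit", LEGIT), ("lookalike", LOOKALIKE_NAME),
                       ("reply-to", SPOOFED_REPLY_TO)]:
        found = analyse_message(raw)
        print(label, triage(found), found)
```

The point of `triage` is that a change request never becomes "normal" just because the sender looks right; at minimum it is routed to the out-of-band verification step, and it is escalated when the headers are inconsistent with the directory.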

For one more dastardly twist, there is some evidence that thieves are particularly targeting these efforts toward smaller businesses and nonprofits, organizations that might be thought of as more trusting, or at least less likely to have as rigorous security training as their larger counterparts.

While the impacts of this scam might not be as wide-reaching as those of more ambitious schemes, the harm done to the targeted individuals is very real. By the time a worker realizes their paycheck has not been deposited in their account, the theft has already taken place. Since this scam targets individual paychecks rather than entire payroll systems, there’s a greater likelihood that the missing paycheck will initially be attributed to a glitch in the system or an accounting error, which in turn makes it more likely that more than one paycheck will be deposited in the scam account before the fraud is detected. The employees will eventually be reimbursed for the stolen pay, of course, but for many workers even one delayed paycheck can create serious short-term financial hardships.

And those hardships don’t fall only on the shoulders of the employees who have the misfortune of being targeted. A company that falls victim to this kind of wire fraud is responsible for making sure any affected employees are promptly paid in full. Making that restitution costs a company not just the amount of the stolen paycheck, but also the hours an HR team spends in detecting the fraud, correcting the employee’s account information, and reissuing the proper payment. Again, while this is less financially damaging than some larger phishing scams, those tasks can add up to a significant sum.

How can I avoid payroll fraud?

So, what can your company do to avoid falling victim to this kind of wire fraud? As with many security issues, the key is attention to detail and making sure proper payroll procedures are followed. Establish a clearly communicated, step-by-step process for submitting and processing all payroll changes, and be sure that all relevant HR employees are properly trained on this procedure. Do not allow any payroll change requests, even legitimate ones, to be initiated via a simple email or phone call. Require that any change to paycheck-related employee information be approved by more than one person before being processed.
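The procedure above (no changes initiated by email or phone, a documented process, and more than one approver) can be enforced by the system that records the change rather than left to memory. The following Python workflow is an added example, not code from the original article or from any Ascentis product. It assumes constructed channel names (`hr_portal`, `signed_form`), a verifier who confirms the request with the employee using contact details already on file, two approvers distinct from the requester, and one extra control the article only hints at in its description of several paychecks landing in one scam account: refusing a new account that is already on file for a different employee.

```python
from dataclasses import dataclass, field
from typing import Optional, Dict, Set, Tuple

# Assumed channel names for this example. Email and phone are deliberately absent.
ALLOWED_CHANNELS = {"hr_portal", "signed_form"}
REQUIRED_APPROVERS = 2


@dataclass
class DepositChange:
    employee_id: str
    requested_by: str        # user who entered the request
    channel: str             # how the request was received
    routing_number: str
    account_number: str
    verified_by: Optional[str] = None   # who confirmed it out of band
    approvers: Set[str] = field(default_factory=set)
    applied: bool = False


class PayrollChangeWorkflow:
    """Gatekeeper for direct-deposit changes: channel, verification, dual approval."""

    def __init__(self, accounts_on_file: Dict[str, Tuple[str, str]]):
        # employee_id -> (routing, account) currently on file (constructed data)
        self.accounts = dict(accounts_on_file)
        self.pending: Dict[str, DepositChange] = {}

    def submit(self, change: DepositChange) -> DepositChange:
        if change.channel not in ALLOWED_CHANNELS:
            raise ValueError(f"changes may not be initiated via {change.channel}")
        if change.employee_id in self.pending:
            raise ValueError("a change for this employee is already pending")
        self.pending[change.employee_id] = change
        return change

    def verify_out_of_band(self, employee_id: str, verifier: str) -> None:
        # The verifier calls the employee back on the number already on record,
        # never on a number supplied in the request.
        change = self.pending[employee_id]
        if verifier == change.requested_by:
            raise ValueError("requester cannot verify their own request")
        change.verified_by = verifier

    def approve(self, employee_id: str, approver: str) -> int:
        change = self.pending[employee_id]
        if approver == change.requested_by:
            raise ValueError("requester cannot approve their own request")
        change.approvers.add(approver)
        return len(change.approvers)

    def apply(self, employee_id: str) -> bool:
        change = self.pending[employee_id]
        if change.verified_by is None:
            raise ValueError("not verified out of band")
        if len(change.approvers) < REQUIRED_APPROVERS:
            raise ValueError(f"needs {REQUIRED_APPROVERS} approvers, "
                             f"has {len(change.approvers)}")
        target = (change.routing_number, change.account_number)
        # Extra control: the same destination account on two employees' records
        # is a classic sign of a shared mule account.
        clash = [e for e, acct in self.accounts.items()
                 if acct == target and e != employee_id]
        if clash:
            raise ValueError(f"account already on file for employee {clash[0]}")
        self.accounts[employee_id] = target
        change.applied = True
        del self.pending[employee_id]
        return True


def demo() -> Dict[str, Tuple[str, str]]:
    """Run one compliant change end to end and return the resulting records."""
    wf = PayrollChangeWorkflow({"E100": ("011000015", "111222333"),
                                "E200": ("011000015", "444555666")})
    wf.submit(DepositChange("E100", "clerk_a", "signed_form", "021000021", "777888999"))
    wf.verify_out_of_band("E100", "clerk_b")
    wf.approve("E100", "clerk_b")
    wf.approve("E100", "manager_c")
    wf.apply("E100")
    return wf.accounts


if __name__ == "__main__":
    print(demo())
```

Each rejected path raises rather than silently queuing, so an emailed request, a single-approver change, or a destination account already belonging to someone else cannot reach the payroll run without a person explicitly overriding the control.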

This kind of diligence may require an extra time investment, especially for smaller businesses, but in the long run it will be worth the effort. Even beyond preventing this specific form of wire fraud, upgrading your company’s paycheck security efforts will benefit everyone involved and help you avoid the potential for embarrassment and financial damages.

With more than 35 years of experience in providing Software as a Service (SaaS) solutions, Ascentis thought leaders have become a respected source for insights, tips, and innovations in the Human Capital Management (HCM) space.