
November 8, 2021 | Payroll Software | Posted by Ascentis Thought Leadership

Direct Deposit Scams: The New Payroll Phishing Email Schemes to Look Out For

Attention to detail is a defining trait of most payroll professionals. After all, the trust and financial well-being of a company’s workforce are in the hands of the people who handle the payroll. Even so, we all know that errors can and do happen in a field of work that puts so much stress on precision and accuracy. When you mix in bad actors from outside the system, there’s potential for real trouble, and that trouble often comes in the form of direct deposit scams.

Payroll departments are currently being warned to be on high alert because of the bad actors behind direct deposit scams. A new strain of payroll scam has been turning up across the country, and the IRS reports that the scammers seem to be finding success through a combination of lower stakes and high volume.

Scammers have gotten creative with the way they phish for information, and it can be hard to tell when you are actually being scammed. That is exactly why it is so crucial to be aware of the different payroll phishing email schemes, so that you can stop a scam before it even has a chance to get started.

So, what exactly do these direct deposit scams look like? In this blog post, we’ll be discussing what payroll diversion fraud is, how direct deposit scams work, what to do if you’ve been scammed, and more. Continue reading, or use the links below to navigate throughout the post, so you can find out how to avoid these direct deposit phishing scams once and for all.

What is payroll diversion fraud?

What is payroll diversion fraud, and how does it relate to these scams?

Payroll diversion is a type of direct deposit scam carried out through phishing. Payroll diversion happens when a scammer emails an organization’s payroll, finance, or human resources department in order to get information or to get a change made. The email the scammer sends is meant to look like it came from an employee who has updated their direct deposit information and is letting HR know.

This act of sending deceptive emails is called phishing. Direct deposit phishing schemes are designed to trick you into giving information to people who shouldn't have it. The email will look like it came either from an employee or from a legitimate business that is asking you to verify your personal information. The web address they use will likely look similar to one you have used before. This is all part of their scheme to get you to click on the link in the email and hand over your confidential information. In fact, the FBI found an 815 percent increase in the dollar loss from direct deposit change requests between January 2018 and July 2019.

In addition to email phishing schemes, there are other types of phishing you should be aware of. Vishing scams typically happen over the phone, smishing scams happen over text messages, and pharming scams happen when malicious code installed on your computer redirects you to fake websites.

Phishing schemes aren’t the only problem: for the sake of your business, there are other things you need to look out for. Some other common types of payroll fraud include time fraud, billing fraud, and classification fraud.

There are countless ways your business can lose money beyond just phishing schemes, which is why it’s so important to know how to avoid payroll fraud practices. Always make sure you classify your employees correctly and use a time-tracking device to streamline the timesheet process. Also, make sure you have clearly communicated company policies to all employees to limit the number of mistakes made.

Taking these steps is crucial to ensure the safety and security of your business and all its employees.

How do direct deposit scams work?

Direct deposit scams can look different every time, which makes it much harder to pinpoint exactly when one is happening. But there are a few key things you should look out for whenever you receive an email from an address you have never seen before.

Essentially, a direct deposit phishing email scam will look something like this:

  • A scammer contacts a payroll employee via a fake email address that appears to belong to someone within the same company.
  • The email will state that the routing information for an employee’s direct deposit paycheck needs to be updated. The body of the email will likely be short and to the point, without being obviously suspicious. It will probably be written in a friendly tone to deceive the payroll employee into believing it actually came from a legitimate employee.
  • If the scammer succeeds in getting the payroll employee to change the bank account and routing number, the deposits are transferred to an untraceable offshore account owned by the scammers.

If that seems like a weirdly simple scam, that’s exactly the point. Whereas many corporate hacking and phishing scams use complex methods to target big paydays on large wire transfers, this payroll scheme succeeds by focusing on a higher volume of smaller payoffs.

The assumption seems to be that a request to change a single employee’s direct deposit information will raise fewer red flags than a larger attack, and will thus be more likely to get approved by an inattentive or busy payroll worker.

In fact, the more basic nature of these thefts is part of what makes them successful. In most reported cases, the thieves take care to use correct spelling and grammar and to maintain a brief but businesslike tone. That differs greatly from the stereotypical scam email filled with awkward phrasing and creative spellings. It also makes these emails much less detectable to internal security systems that are programmed to scan communications for telltale keywords and language anomalies.

Who is at risk of direct deposit scams?

Direct deposit scams take advantage of workplace trust and familiarity. Oftentimes, the email address involved is designed to mimic that of a payroll employee’s actual supervisor, co-worker, or even the employee whose paycheck is being targeted.

The default view of many company email programs only displays the name of the sender, not the full address, so something as simple as creating an account on Gmail or a similar free email provider could make a scam email indistinguishable from a legitimate communication, at least at a glance. An employee who receives a simple, well-written request from a recognizable name might not think twice about fulfilling it as directed.

But these attackers don’t send these emails to just anyone. They are deliberate in their tactics and target specific organizations that are less likely to be able to identify a scammer.

The organizations most at risk of direct deposit scams include:

  • Corporations
  • Smaller businesses
  • Nonprofits
  • Individual employees

Smaller businesses, individuals, and nonprofits are generally most at risk of these scams, as these organizations are thought of as more trusting, or at least are less likely to have security training as rigorous as that of their larger corporate counterparts.

These payroll phishing email schemes are directed toward a company’s payroll, finance, or human resources department. The goal of these schemes is to target individual paychecks rather than entire payroll systems. That is because there’s a greater likelihood that the missing paycheck will initially be attributed to a glitch in the system or an accounting error, which in turn makes it more likely that more than one paycheck will be deposited in the scam account before the fraud is detected.

While the impacts of this scam might not be as wide-reaching as those of more ambitious schemes, the harm done to the targeted individuals is very real. By the time a worker realizes their paycheck has not been deposited in their account, the theft has already taken place. The employees will eventually be reimbursed for the stolen pay, of course, but for many workers, even one delayed paycheck can create serious short-term financial hardships.

And those hardships don’t fall only on the shoulders of the employees who have the misfortune of being targeted. A company that falls victim to this kind of wire fraud is responsible for making sure any affected employees are promptly paid in full. Making that restitution costs a company not just the amount of the stolen paycheck, but also the hours an HR team spends in detecting the fraud, correcting the employee’s account information, and reissuing the proper payment. Again, while this is less financially damaging than some larger phishing scams, those tasks can add up to a significant sum.

How to avoid direct deposit phishing scams

Now that we know what direct deposit scams look like and what kind of organizations these attackers typically target, let’s discuss what your company can do to avoid direct deposit phishing scams.

There are a few key things your company should focus on to ensure it does not fall victim to payroll diversion, such as:

  • Improve the company’s overall attention to detail and make sure proper payroll procedures are always followed.
  • Establish a clearly communicated, step-by-step process for submitting and processing all payroll changes, and be sure that all relevant HR employees are properly trained on this procedure.
  • Do not allow any payroll change requests, even legitimate ones, to be initiated via a simple email or phone call. Require that any change to paycheck-related employee information be approved by more than one person before being processed.

This kind of diligence may require an extra time investment, especially for smaller businesses, but in the long run, it will be worth the effort. Even beyond preventing this specific form of wire fraud, upgrading your company’s paycheck security efforts will benefit everyone involved and help you avoid the potential for embarrassment and financial damages.

Additional suggestions to avoid direct deposit phishing scams provided by the FBI include:

  • Multi-factor Authentication: This requires a user to present at least two pieces of evidence to an authentication mechanism in order to access a website or application. This evidence verifies the user’s identity, so a scammer who has only a stolen password still cannot gain access.
  • Review domain URL in emails: It’s crucial to review the domain URL in every email the HR department receives in order to identify bad actors. There are various domain reputation lookup tools your HR department can use to verify the legitimacy of a domain address.
  • Check for misspellings in domain name hyperlinks: If an email is legitimate, it will most likely not have any misspellings. If an email is from a scammer, there’s a good chance there might be something spelled wrong in the domain name hyperlink. Keep an eye out for misspellings at all times.
  • Don’t provide personal information via email: Even if it’s to an email address that you know is legitimate, refrain from providing any type of personal information. Never provide things like passwords or account information via email. You never know who is receiving it.
  • Urge employees to regularly review personal financial accounts for irregularities: Your employees should keep a close eye on their own personal financial accounts so that they can quickly catch any irregularities and report them to HR.
  • Keep software updated: Make sure you apply all software patches promptly and keep systems updated so that scammers can’t easily break in.
  • Always verify email addresses: Always double-check the address of the recipient you’re emailing. This is especially important when using a mobile device to send emails. The address your reply will go to should match the address the message came from; a Reply-To that differs from the sender’s address is a warning sign.
  • Update settings to show full email addresses: Make sure all your employees’ email clients are set to show the sender’s full email address, not just the display name, so that they can easily identify phishing scams.
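The checks above (look-alike domains, a familiar display name on an unfamiliar address, a mismatched Reply-To, and a body that asks for a deposit change) can be applied mechanically before a request ever reaches a payroll clerk. The following is an added example, not code from the post or from Ascentis; the corporate domain, the employee directory entry, and the sample message are all constructed for the demo.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed values for this demo (assumptions, not from the post).
CORPORATE_DOMAIN = "example-payroll.com"
DIRECTORY = {"Jane Doe": "jane.doe@example-payroll.com"}  # display name -> real address
DIVERSION_PHRASES = ("direct deposit", "routing number", "account number", "changed banks")

def edit_distance(a, b):
    # Levenshtein distance, used to catch typosquatted look-alike domains.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage_email(raw):
    # Return warning strings for one plain-text RFC 822 message (empty list = nothing flagged).
    msg = message_from_string(raw)
    warnings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_addr = from_addr.lower()
    from_domain = from_addr.rsplit("@", 1)[-1]
    # 1. Sender domain that is almost, but not exactly, ours (one or two characters off).
    if from_domain != CORPORATE_DOMAIN and edit_distance(from_domain, CORPORATE_DOMAIN) <= 2:
        warnings.append(f"look-alike sender domain: {from_domain}")
    # 2. A real employee's display name on an address that is not that employee's.
    real = DIRECTORY.get(from_name)
    if real and real.lower() != from_addr:
        warnings.append(f"display name '{from_name}' does not match directory address {real}")
    # 3. Reply-To that steers replies away from the From address.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.lower() != from_addr:
        warnings.append(f"Reply-To {reply_addr} differs from From {from_addr}")
    # 4. Body asks for a deposit change: route it to the out-of-band, two-person approval process.
    text = msg.get_payload().lower() if not msg.is_multipart() else ""
    hits = [p for p in DIVERSION_PHRASES if p in text]
    if hits:
        warnings.append("deposit-change request, verify out of band: " + ", ".join(hits))
    return warnings

# Constructed sample message (not real mail): domain one letter off, spoofed display name.
SCAM = """From: Jane Doe <jane.doe@exarnple-payroll.com>
Reply-To: jdoe.personal@webmail.example
Subject: quick update

Hi, I changed banks. Can you update my direct deposit with the new routing number before Friday?
"""
for w in triage_email(SCAM):
    print("FLAG:", w)
```

A clean internal message with no deposit-change language produces an empty list, while the constructed scam above trips all four checks.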

Being a victim of payroll diversion fraud is not something to take lightly, and for the sake of your business and all of your employees, it’s imperative to follow these steps so you can avoid phishing scams at all costs.

What to do if you’re a victim of payroll diversion fraud

If you find yourself a victim of payroll diversion fraud, don’t beat yourself up. It can happen to anyone at any time, and these scammers can be extremely clever with their tactics.

But if you do find yourself in this unfortunate situation, it’s crucial to take the proper steps in the aftermath of a scam. If you believe you’ve been a victim of payroll diversion fraud, you need to file a complaint with the FBI’s Internet Crime Complaint Center and contact your financial institution for a reversal.

In your complaint, you will need to include the victim’s name, address, phone number, and email; the financial transaction information; information about the subject (the suspected scammer); the email headers; and specific details about how the victim was targeted. This is all crucial information to include in order to support your complaint, so that your employee can get paid and your business can get its money back.

Wrapping up: Direct deposit scams and what to look out for

Finding yourself in the midst of a direct deposit scam is definitely frightening, and you’re probably blaming yourself for not having been able to see it. But that’s the main issue with direct deposit scams. They can be almost impossible to see.

This is why it’s so crucial for you and all of your employees to follow the proper steps to avoid phishing scams. Even one scam can have a huge impact on your business. So if it happens once, treat it as a lesson and implement the right strategies to make sure it never happens again.

If you’re looking for a way to help your business remain compliant and automate the payroll process, check out Ascentis’ payroll software. Ascentis’ payroll software helps ensure all of your employees are paid securely and on time with 100% accuracy. Ascentis will also help out with other important aspects of payroll management, like fighting workplace theft and avoiding W2 fraud.

Ascentis will help you keep track of your payroll accounts and ensure optimal HR data privacy, so you don’t have to worry about any breaches in your system that could end up costing your business substantial amounts of money.

With more than 35 years of experience in providing Software as a Service (SaaS) solutions, Ascentis thought leaders have become a respected source for insights, tips, and innovations in the Human Capital Management (HCM) space.