While always frustrating, fraudulent emails (also called phishing emails) used to be easier to spot. Employees would receive "urgent" requests to send gift cards or personal information, but the sender's message would have unusual formatting, lack signatures, or use fake names.

Over the years, these scam emails have gotten more complex. They no longer have the awkward language and grammatical errors that easily show they're written by a bot. Now, these emails often appear to be "from" someone who actually works at your organization and have your company's unique email signature.

These emails are also becoming more frequent. According to the Anti-Phishing Working Group's 2022 report, the group observed 1,270,883 total phishing attacks in Q3 alone, which marked an all-time high.

Of these business email compromise (BEC) threats, those involving payroll and direct deposit fraud are some of the most costly. 

What Does Payroll Fraud Look Like?

Payroll fraud is a tactic used by cyber criminals to obtain an employee's payments. Usually, the targets are HR and Payroll practitioners at larger companies and owners at smaller ones.

While this scam can take place over the phone, it most often occurs via email. These emails appear to be from a current employee who requests changes to their bank account information.

As we mentioned earlier, these emails can look very real. They can have the correct sender name and email signature of the employee the scammer is pretending to be. Scammers can also use personal information they have acquired to pass basic verification questions.

If the scammer is successful, the actual employee's payroll is redirected to a fraudulent account.

How Can I Prevent Payroll Fraud? 

To prevent payroll fraud, it's crucial to be cautious when communicating through email. You should educate your HR or payroll employees on safe email practices when receiving requests. We've laid those out for you here:

  • Ensure that the email address belongs to the actual employee and has not been spoofed.
  • Do not click on any links or open any attachments included in the message.
  • Before making any changes to bank accounts, it's essential to validate them directly with the employee. Use a validation method other than email, such as in-person meetings or calling the employee's known contact number.
  • If the email seems questionable, refrain from replying and promptly report it to your IT team.
  • Employ two-factor authentication for sensitive systems and information.
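For IT teams triaging a reported request, the first check in the list can be partly automated. The sketch below is an added example, not Future Systems' tooling; the company domain, the directory entry and both sample messages are constructed, and it assumes your mail gateway stamps an Authentication-Results header.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                       # assumed company mail domain
DIRECTORY = {"dana lee": "dana.lee@example.com"}  # assumed HR directory: name -> address

def sender_findings(raw: str) -> list[str]:
    """Return reasons not to trust that the message comes from the named employee."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    findings = []
    domain = addr.rpartition("@")[2]
    if domain != ORG_DOMAIN:
        findings.append(f"From domain {domain!r} is not {ORG_DOMAIN!r}")
    known = DIRECTORY.get(name.strip().lower())
    if known and known != addr:
        findings.append("display name is an employee's, address is not theirs")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to != addr:
        findings.append("Reply-To differs from From")
    # Only headers stamped by your own gateway are trustworthy; a sender can forge the rest.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=pass" not in auth:
            findings.append(f"{mech} did not pass")
    return findings

# Constructed sample messages (not real mail).
SPOOFED = """From: Dana Lee <dana.lee@examp1e-payroll.test>
Reply-To: dana.lee.hr@mailbox.test
To: payroll@example.com
Subject: Direct deposit update
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e-payroll.test;
 dkim=none; dmarc=fail header.from=examp1e-payroll.test

Please update my bank account before the next pay run.
"""
GENUINE = """From: Dana Lee <dana.lee@example.com>
To: payroll@example.com
Subject: Direct deposit update
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com

Please update my bank account before the next pay run.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine-looking", GENUINE)):
        print(label, sender_findings(raw))
```

An empty result only means the headers are consistent. A message sent from a compromised mailbox passes every check here, so the out-of-band validation step in the list still applies before any bank account change.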

If you're a payroll client through Future Systems, know that we monitor our accounts for potential fraud. Our team is notified when employee direct deposit changes are directed to fraud-susceptible banks. Still, you should contact us right away if you know or suspect payroll fraud so we can possibly reverse or cancel the transaction.
