Attention Payroll Managers: Phishing Scams Increasing

payroll managers beware phishing scam
Avatar photo

Liz Strikwerda

Content strategist and corporate blogger (2000+ posts). Her work has been featured on G2's Learning Hub, Human Resources Today, Better Buys and over 500 business websites. She plays bluegrass mandolin and enjoys sailing her catamaran and hiking in the red rock wilderness of southern Utah. Connect with me on LinkedIn

In the day-to-day bustle of getting people paid, sometimes we forget. We are dealing with REALLY sensitive information. SSNs and bank account numbers. W-2 forms and wire transfer instructions.

HR Is The New Target of Cyber Crime

Email scammers are defrauding companies with emails to payroll managers, HR professionals, and business tax preparers.

In 2018, businesses lost $12.5 billion to fraud. The FBI categorizes these types of schemes as business email compromise (BEC) or business email spoofing (BES).

An Easy Scam to Pull Off

It takes some expertise for a cyber villain to hack into an email account. Anyone can attempt these phishing schemes, however. All they need to do is create an email account under someone else’s name.

Fraudsters can see your CFO’s name on your website, LinkedIn, or other business sites. They can probably see your firm’s email naming convention somewhere on your website or social media account. And it’s just as easy to find names of employees without too much digging.

The scammer creates an email account with an address similar to the real account. For example, if the actual email address is [email protected], they might choose [email protected]. A busy payroll manager may not notice.

Types of Payroll Phishing Email Scams

The most common phishing emails sent to HR and tax preparers take the following forms:

  1. Requests direct deposit information to route paycheck to a scammer-controlled bank account.
  2. Requests W-2s to fraudulently file tax returns and receive a tax refund.
  3. Requests a company wire transfer to re-route to a scammer-controlled bank account.

Protect Your Inbox

The emails look innocent enough. They rarely have the incorrect spelling and grammatical errors we’ve come to expect from the scam emails that flood our inboxes.

Here is an example email from a scammer impersonating an employee:

Date: 7/22/19
To: Karen Summers
Subject: Direct Deposit Update Request

Karen,

Can you update my direct deposit before next payroll? I just changed bank accounts. Attached is the new account info.

Thanks for your prompt attention to this!

Brett

Some emails purport to come from the CEO or CFO.

From: Linda Sharp
Date: 12/8/18
To: Blake Green

Subject: ACH Payment Attention

Blake,

Authorized, can you handle domestic wire transfer ASAP? Heading into meeting in five. Confirm by email only.

Thanks,

Linda

Beware a Sense of Urgency

Cybercriminals count on the fact that when an executive asks you to jump, you immediately say ‘How high?’ If it seems suspicious, always make a phone call to verify that the email is real. In fact, you should prohibit email-only requests for wire transfers.

Here are other steps you can take to protect your employees, your company, and your job.

  • Use an employee self-serve (ESS) portal so employees can update their own direct deposit information.
  • Ask your IT team to update email spam filters to screen for these scams.
  • Tighten policies and procedures for financial transactions.
  • Look closely at email addresses to detect slight differences.
    • Never answer an email on your mobile phone when you can only see the sender’s name and not the actual email address.
  • Remove the names of HR staff from websites and social media accounts.

How Do I Report a Suspicious Email?

  • Non-tax related BEC/BES email scams should be reported to the FBI’s Internet Crime Complaint Center (IC3) http://www.ic3.gov/
  • Report tax-related phishing emails to mailto:[email protected]
  • If W-2 forms are compromised, visit the IRS Form W-2/SSN Data Theft page for instructions.

By Liz Strikwerda

 

Simplify HR management today.

Simplify HR management today.

Earned Wage Access (EWA) 101

March 26, 2024
Posted in ,

Attract, retain and motivate talent while reducing costs with EWA Guest post by: Tate Hackert It should come as no surprise to learn that many employees are living paycheck to paycheck—two in five, to be exact. 84 percent of employees are also worrying about finances while at work. Employees today are struggling to make ends meet,…

Read More

What to Expect in the Workplace During March Madness

March 19, 2024
Posted in ,

It’s that time of year again. Everyone is talking about Cinderella teams, brackets, upset alerts, and cutting down nets. As an employer, you may be wondering how March Madness impacts your team morale and productivity levels. And the reality is, the NCAA basketball tournament does have an effect. But just how much? Let’s dive in…

Read More
brand-workforce-shower

WorkforceHub takes care of business.

We’ll show you how.

Request a Demo - Footer Form

Looking for help? Please click here.

brand - dots