Payroll Diversion Fraud is Targeting Employees

By Sophie Van Remortel | Digital Marketing & Content Coordinator


Costly direct deposit theft scams are on the rise


How does it work? 

Cyber criminals are after employee paychecks paid by direct deposit. Using phishing and other attack types, threat actors trick employees (including HR) into typing their usernames and passwords into fake payroll or “company” websites. The criminals then change the direct deposit ACH information to a fraudulent account, thereby stealing one or more paychecks. They may also set up hidden email rules that intercept or redirect emails that could otherwise reveal the fraud.
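A defender-side check for the hidden email rules described above, as an added example that is not part of the original post: it scans inbox rules exported to JSON for external forwarding and for rules that hide payroll-related mail. The field names follow Exchange Online's Get-InboxRule output; the sample rules, watch terms, folder list and `example.com` domain are constructed assumptions.

```python
import json
import re

# Constructed sample export. Field names follow the properties returned by
# Exchange Online's Get-InboxRule; addresses are simplified to plain SMTP form.
SAMPLE_RULES = json.loads("""[
 {"Name": "Newsletters", "Enabled": true, "MoveToFolder": "Newsletters",
  "FromAddressContainsWords": ["news@vendor.example"]},
 {"Name": ".", "Enabled": true, "MoveToFolder": "RSS Feeds", "MarkAsRead": true,
  "SubjectOrBodyContainsWords": ["direct deposit", "payroll", "ACH"]},
 {"Name": "sync", "Enabled": true, "ForwardTo": ["drop@mail.invalid"]},
 {"Name": "Team copy", "Enabled": true, "ForwardTo": ["hr@example.com"],
  "SubjectContainsWords": ["timesheet"]}
]""")

INTERNAL_DOMAINS = {"example.com"}  # assumption: your own mail domains
WATCH_TERMS = ["payroll", "direct deposit", "ach", "paycheck", "bank account"]  # assumed list
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "junk email", "deleted items", "archive"}  # assumed list
WORD_FIELDS = ("SubjectContainsWords", "BodyContainsWords", "SubjectOrBodyContainsWords")
FORWARD_FIELDS = ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo")

def findings(rule):
    """Return the reasons a single rule looks like fraud concealment."""
    reasons = []
    external = [a for f in FORWARD_FIELDS for a in rule.get(f) or []
                if a.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]
    if external:
        reasons.append("forwards outside the organization: " + ", ".join(external))
    words = " | ".join(w.lower() for f in WORD_FIELDS for w in rule.get(f) or [])
    hits = [t for t in WATCH_TERMS if re.search(r"\b" + re.escape(t) + r"\b", words)]
    folder = (rule.get("MoveToFolder") or "").lower()
    hides = rule.get("DeleteMessage") or folder in HIDING_FOLDERS
    if hits and hides:
        reasons.append("hides payroll mail (" + ", ".join(hits) + ")")
    return reasons

def suspicious_rules(rules):
    """Map rule name -> reasons, for enabled rules with at least one finding."""
    flagged = {}
    for rule in rules:
        reasons = findings(rule) if rule.get("Enabled") else []
        if reasons:
            flagged[rule["Name"]] = reasons
    return flagged

if __name__ == "__main__":
    for name, reasons in suspicious_rules(SAMPLE_RULES).items():
        print(f"{name!r}: {'; '.join(reasons)}")
```

Watch terms are matched as whole words, so a rule keyed on "attached" does not trip the "ach" term.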


How To Protect Yourself 

  1. Use MFA on your work and payroll accounts.

  2. Use MFA on personal Gmail and/or other accounts that may be used on your banking or payroll accounts.

  3. Use advanced authentication with three or more factors on all payroll funding bank accounts.

  4. Use a checks-and-balances process on all ACH changes (request from one person, verified and approved by a second person not via email).

  5. Verify all ACH change requests with the employee directly. It is critical this occur over a method other than email.


Stay Vigilant 

It is critical that everyone be proactive and alert when communicating through email. Be sure the email address is that of the employee and not spoofed. By educating employees on safe email practices, including how to recognize and report suspicious emails, you can help mitigate the threat of payroll fraud. 

  • Be cautious of requests for bank account changes that originate via email, especially if the email has a vague or urgent subject line. 

  • Validate bank account changes directly with your employee before entering them. It is critical that validation occurs through a method other than email (e.g. in person, by calling the known contact number, instant message, etc.).

  • If you receive a suspicious email, do not click on any links or open any attachments within the message. Do not reply to the email, and immediately report it to your IT team. 

  • If you receive a phone call asking for a bank account change, do not give out any information or process any changes until you validate the caller’s identity through another method (e.g. in person, by calling the known contact number, instant message, etc.).


If you are an employee and you received a notification of a change that you did not authorize, contact your payroll department immediately and notify SWICKtech immediately at (414) 257-9266 or

© 2021 Swick Technologies, LLC.