Payroll Diversion Fraud Is Targeting Employees

Sophie Van Remortel | Digital Marketing & Content Coordinator
Costly direct deposit theft scams are on the rise


How does it work?

Cybercriminals are targeting employee paychecks that are paid by direct deposit. Using phishing and other attack types, threat actors trick employees (including HR staff) into entering their usernames and passwords into fake payroll or “company” websites. With those credentials, the criminals change the direct deposit ACH information to an account they control, stealing one or more paychecks. They may also create hidden email rules that intercept or redirect messages (such as change confirmations) that would otherwise reveal the fraud.


How To Protect Yourself

  1. Use MFA on your work and payroll accounts.
  2. Use MFA on personal Gmail or other email accounts that are linked to your banking or payroll accounts.
  3. Use advanced authentication with three or more factors on all payroll funding bank accounts.
  4. Use a checks-and-balances process for all ACH changes (requested by one person, verified and approved by a second person, and not via email).
  5. Verify all ACH change requests with the employee directly. It is critical that this occurs over a method other than email.
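Steps 4 and 5 above describe a control that can be enforced in the payroll workflow itself rather than left to habit. The following is an added example written for this article, not code from SWICKtech or from any payroll system; the request fields, the channel names and the HR contact directory are constructed assumptions for illustration.

```python
"""Two-person, out-of-band approval gate for direct-deposit (ACH) changes.

Added example. The request shape, channel names and HR directory are
constructed for illustration; they are not a real payroll system's API.
"""
from dataclasses import dataclass
from typing import Dict, Optional

# Channels that count as direct, out-of-band verification with the employee.
OUT_OF_BAND_CHANNELS = {"phone_to_number_on_file", "in_person", "instant_message"}

# Constructed HR directory: the contact number HR already had on file for each
# employee BEFORE the change request arrived.
HR_CONTACTS: Dict[str, str] = {"jdoe": "+1-555-0100", "asmith": "+1-555-0101"}


class ApprovalError(Exception):
    """Raised when a change request violates the checks-and-balances policy."""


@dataclass
class ACHChangeRequest:
    employee: str
    new_account_last4: str
    requested_by: str           # payroll/HR staff member who entered the request
    requested_via: str          # how the request arrived (e.g. "email")
    verified_by: str = ""
    verified_via: str = ""
    approved_by: str = ""


def verify_with_employee(req: ACHChangeRequest, verifier: str,
                         channel: str, contact_used: Optional[str] = None) -> ACHChangeRequest:
    """Record direct verification with the employee; reject email and same-person checks."""
    if verifier == req.requested_by:
        raise ApprovalError("verifier must be a different person than the requester")
    if channel not in OUT_OF_BAND_CHANNELS:
        raise ApprovalError(f"verification channel {channel!r} is not out-of-band")
    if channel == "phone_to_number_on_file" and contact_used != HR_CONTACTS.get(req.employee):
        # A number supplied inside the request itself could belong to the attacker.
        raise ApprovalError("must call the number already on file, not one from the request")
    req.verified_by, req.verified_via = verifier, channel
    return req


def approve(req: ACHChangeRequest, approver: str) -> ACHChangeRequest:
    """Second-person approval; only possible after verification."""
    if not req.verified_by:
        raise ApprovalError("cannot approve an unverified change")
    if approver == req.requested_by:
        raise ApprovalError("approver must be a different person than the requester")
    req.approved_by = approver
    return req


def run_scenarios() -> Dict[str, str]:
    """Exercise the gate with constructed requests; returns outcome per scenario."""
    outcomes = {}

    def attempt(name, fn):
        try:
            fn()
            outcomes[name] = "approved"
        except ApprovalError as exc:
            outcomes[name] = f"rejected: {exc}"

    def good_path():
        req = ACHChangeRequest("jdoe", "4321", "hr_pat", "email")
        verify_with_employee(req, "hr_sam", "phone_to_number_on_file", "+1-555-0100")
        approve(req, "hr_sam")

    def email_verification():
        req = ACHChangeRequest("jdoe", "4321", "hr_pat", "email")
        verify_with_employee(req, "hr_sam", "email")

    def same_person():
        req = ACHChangeRequest("asmith", "9876", "hr_pat", "email")
        verify_with_employee(req, "hr_pat", "in_person")

    def number_from_request():
        req = ACHChangeRequest("asmith", "9876", "hr_pat", "email")
        verify_with_employee(req, "hr_sam", "phone_to_number_on_file", "+1-555-0199")

    def skip_verification():
        approve(ACHChangeRequest("jdoe", "4321", "hr_pat", "email"), "hr_sam")

    for name, fn in [("good_path", good_path), ("email_verification", email_verification),
                     ("same_person", same_person), ("number_from_request", number_from_request),
                     ("skip_verification", skip_verification)]:
        attempt(name, fn)
    return outcomes


if __name__ == "__main__":
    for scenario, result in run_scenarios().items():
        print(f"{scenario}: {result}")
```

The important design choice is that the phone number used for verification comes from the HR record that existed before the request, never from the request itself, and that the requester can neither verify nor approve their own entry.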


Stay Vigilant

It is critical that everyone be proactive and alert when communicating through email. Be sure the email address is that of the employee and not spoofed. By educating employees on safe email practices, including how to recognize and report suspicious emails, you can help mitigate the threat of payroll fraud.

  • Be cautious of requests for bank account changes that originate via email, especially if the email has a vague or urgent subject line.
  • Validate bank account changes directly with your employee before entering them. It is critical that validation occurs through a method other than email (e.g. in person, by calling the known contact number, or by instant message).
  • If you receive a suspicious email, do not click on any links or open any attachments within the message. Do not reply to the email, and immediately report it to your IT team.
  • If you receive a phone call asking for a bank account change, do not give out any information or process any changes until you validate the caller’s identity through another method (e.g. in person, by calling the known contact number, or by instant message).


If you are an employee and you received a notification of a change that you did not authorize, contact your payroll department immediately and notify SWICKtech immediately at (414) 257-9266 or helpdesk@swicktech.com.
