Did you receive an email from one of your employees asking you to change their bank account for direct deposit? It could be scam.
In a recent wave of payroll diversion scams, cybercriminals will impersonate your employee and email your payroll manager to update their bank account information for payroll direct deposit. The email may come from a legitimate company email that has been compromised or a fake email that appears to be authentic. If the change is completed, your employee’s paycheck is sent to an account set up by the scammer.
Training employees to be cautious when receiving requests to change payroll and payment information and to not click on suspicious links or attachments is a great first step; however, it’s equally important to have multi-layer verification procedures in place. This may include in-person or telephone follow-up, setting up security questions, or requiring a form to be completed and signed for these types of changes to take place. It’s best not to rely on information that can easily be guessed or located online, such as birthdays, maiden names or family member names.
This is just one of many business email compromise (BEC) tactics scammers use to defraud businesses. Click here to learn more about these scams from the Federal Bureau of Investigation (FBI). If you spot a scam, report it to the Federal Trade Commission by calling 1-877-382-4357 or by visiting reportfraud.ftc.gov.
If you or your employees may have fallen victim to a scam that has put your business at risk, contact us right away so we can take steps to protect your accounts and information.
