Fraudulent direct deposit change requests are a common scam, especially in today's digital age, and there has been a recent uptick in this activity. Cybercriminals target payroll departments by sending emails that appear to be from employees, requesting changes to direct deposit information.
How It Works
These scams can be sophisticated, with attackers using phishing techniques to access employee email accounts or creating email addresses that closely mimic legitimate ones. Once a fraudulent request is processed, the employee's paycheck is redirected to an account controlled by the scammer, resulting in financial loss and administrative headaches for the company. This highlights the need for strict verification processes and robust cybersecurity practices.
How To Avoid It
Always Use a Direct Deposit Form
Employees looking to change their direct deposit information should fill out and sign a direct deposit form. This form should be accompanied by a bank letter or a canceled check. To streamline this process, HR One has a downloadable direct deposit form for your convenience, available in the Member Login section under “Forms.”
Verify the Email Address
Double-check the email address from which the request is coming. Even if it appears to be from an employee, verify the address. Cybercriminals often use slightly misspelled or completely different addresses to trick you into accepting fraudulent requests.
Confirm Direct Deposit Changes Directly
Always follow up with the employee via a phone call or in person to confirm the legitimacy of the request.
Immediate Steps To Take If You Suspect Fraud
If you suspect that your company has fallen victim to a fraudulent direct deposit change, take these immediate steps:
By following these best practices and taking swift action you can protect your business and employees from financial loss. If you have any questions or need further assistance, please reach out to our support team.