21 May Payroll (Direct Deposit) Diversion Fraud is on the Rise
In an effort to inform and protect our clients against payroll-related fraud, we want to bring to your attention the types of fraudulent emails and scams that are circulating and the best practices to protect yourself and your employees.
How it is happening:
Fraudulent Emails – Fraudsters are creating knock-off versions of company email addresses to make false requests on behalf of the employee. These knock-off email addresses can easily go unnoticed because they are only one character off from the real address. For example, changing firstname.lastname@example.org to email@example.com. Typically, these false requests involve changing the employee’s direct deposit to a pay card account.
How to protect yourself:
- Verify all emailed direct deposit change requests in person or over the phone with the employee directly. DO NOT verify by replying to the email.
- Strongly encourage your employees to use employee self-service (if available) to update their information.
- Run an audit report and examine it for unusual direct deposit changes. Contact your support specialist if you need assistance with this.
- Consult with your I.T. professional to ensure the proper security measures are in place.
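The one-character-off addresses described above can be screened for automatically before a change request is acted on. The Python below is an added example, not part of the original notice or of any Payroll Link tooling; the employee roster, request records and function names are hypothetical, and it also treats two swapped adjacent characters as a knock-off.

```python
from __future__ import annotations
# Added example: flag senders one edit away from a known employee address.
# All addresses are constructed sample data on the reserved .example TLD.

def osa_distance(a: str, b: str) -> int:
    """Edits (insert, delete, substitute, swap adjacent) to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent swap
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify_sender(sender: str, known: list[str]) -> tuple[str, str | None]:
    """Return ('known' | 'lookalike' | 'unknown', matched address or None)."""
    s = sender.strip().lower()
    roster = sorted({k.strip().lower() for k in known})
    if s in roster:
        # An exact match is not proof of identity: the request still needs
        # to be verified with the employee in person or over the phone.
        return ("known", s)
    for k in roster:
        if abs(len(s) - len(k)) <= 1 and osa_distance(s, k) == 1:
            return ("lookalike", k)
    return ("unknown", None)

def flag_requests(requests: list[dict], known: list[str]) -> list[tuple[str, str]]:
    """List (sender, imitated address) for every lookalike change request."""
    flagged = []
    for req in requests:
        verdict, match = classify_sender(req["from"], known)
        if verdict == "lookalike":
            flagged.append((req["from"], match))
    return flagged

EMPLOYEES = ["jane.doe@acme-widgets.example", "raj.patel@acme-widgets.example"]
SAMPLE_REQUESTS = [  # constructed direct deposit change requests
    {"from": "Jane.Doe@acme-widgets.example", "subject": "Update my direct deposit"},
    {"from": "jane.doe@acme-widgts.example", "subject": "New pay card account"},
    {"from": "raj.patel@acme-wigdets.example", "subject": "Change direct deposit"},
    {"from": "newsletter@vendor.example", "subject": "Monthly update"},
]

if __name__ == "__main__":
    for sender, real in flag_requests(SAMPLE_REQUESTS, EMPLOYEES):
        print(f"HOLD: {sender} imitates {real}")
```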
How we are helping to protect you:
- Our Customer Support Specialists are taking extra precautions with direct deposit change requests. If you submit a direct deposit change request to your support specialist, please be aware that we may ask if you have verified the request with the employee in person or over the phone before proceeding.
- We actively monitor for duplicate direct deposit and pay card accounts in the system to identify possible fraud and will notify you immediately if this is ever found in your company.
Here are some general tips for email security:
- Do not click on links or attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types.
- Do not provide sensitive personal information (like usernames and passwords) over email.
- Watch for email senders that use suspicious or misleading domain names.
- Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.
- Set up 2-step verification for your email account and encourage your employees to do the same. Most email providers have 2-step verification as a security option.
If you ever have a suspicious email that appears to come from our internal staff, please contact your Client Service Representative right away and we will verify.
Payroll Link Support