The age of the internet and technology has ushered in a whole host of different innovations and inventions, ones that have made countless people’s lives easier. Of course, these innovations have also introduced a number of new problems. While some are just more frustrating than they are truly damaging (we’re looking at you, automated answering bots), some of these issues present dangers that can translate into real-world problems. One of the more concerning and prevalent of these issues is phishing scams. For business owners, these types of scams present a whole host of problems, whether it be employees falling victim to bad actors and causing damage to their lives, or the risk of sensitive data being compromised and putting your entire business at risk. Thus, many business owners are asking themselves if a simple email or text message can put your entire business at risk, how are you supposed to protect your company and the people who work for it?
It’s a really great question, but unfortunately, it’s not one with a super straightforward answer. At Payday HCM, we’ve received numerous questions from clients concerning these kinds of scams that have only become even more prevalent in recent years. As a payroll and HR services provider, we want to do everything we can to not only assist our clients with any of their needs but also protect them from any possible scams or fraud that could have disastrous consequences for their business. And, although there are a number of different types of fraud out there, there is one that can be especially damaging for both employers and employees: direct deposit fraud.
So, in this article, we’ll be going over direct deposit fraud, also referred to as payroll diversion scams, to not only provide a picture of what it is and its effects, but also provide you with strategies for protecting everyone within your organization. We’ll break down the general mechanics of how this kind of fraud works, followed by the potential consequences of falling victim to these kinds of scams, and the steps you can take to protect yourself. By the end of this article, you’ll have a better understanding of what to look out for and how to better protect yourself and your business.
In this article, you will learn:
- What Is Direct Deposit Fraud?
- What Can You Spot A Payroll Diversion Scam?
- How Can I Prevent Direct Deposit Fraud?
What Is Direct Deposit Fraud?
First things first, we’ll start by going over what a payroll diversion scam is and how it works.
Phishing Scams
Generally, when you think of modern-day scams that involve things like emails or text messages, you think of phishing scams. With direct deposit fraud, it’s no different: the whole chain of events will likely be kicked off with some sort of phishing attempt.
But what is a phishing scam? Well, generally speaking, a phishing scam is when a user receives an email, or sometimes even a text message, that appears to be from a trusted source (their bank, internet service provider, or another source) that prompts the user to provide them with personal information. These scams will typically involve scaring the user into thinking that there’s something wrong with some account and that they need to click a login link in order to resolve the issue.
What Is A Payroll Diversion Scam?
So, then, when we’re looking at direct deposit fraud and payroll diversion scams, we’re looking at a type of phishing scam. In this instance, someone posing as a supervisor at your company will email an employee asking them to update their direct deposit information. From there, the employee will click a false link that will allow the scammer to gain access to their employee self-service portal.
The scammer will then go into their ESS portal and change the employee’s direct deposit information so that it redirects to an account that they control. According to Payday’s Director of Operations, Liz Mink, the scammers will often use online banking platforms like Chime to direct ninety percent of an employee’s check to themselves, leaving the employee with only ten percent of their check.
What Can You Spot A Payroll Diversion Scam?
Now that we have a better understanding of what direct deposit fraud is, we can take a deeper look at the potential warning signs that might reveal a payroll diversion scam.
Will A Supervisor Ever Ask Me To Update My Direct Deposit Information?
The crux of direct deposit fraud is an employee receiving an email that asks them to update their direct deposit information in their ESS. This raises the question: How likely is this to actually happen? According to Mink, unless the employee goes in and makes changes to their direct deposit, there wouldn’t ever be an occasion for a supervisor (and, by extension, their ESS portal) to ask an employee to update their direct deposit.
“Probably not,” Mink said. “Nobody would ever say, ‘Hey, can I have your new direct deposit [information]?’ And you’re [thinking] ‘I already have my direct deposit stuff set up, why are you asking?’ So that would be maybe a hacker getting into [a supervisor’s] email and sending an email out to all the employees saying, ‘Hey, can you guys update your direct deposit?’”
Identifying Suspicious Emails
In the case that you do receive an email that claims to be sent from your ESS portal, asking you to update or verify your direct deposit information, there are ways that you can verify whether the email is legitimate or not (aside from the fact that receiving this kind of email is in it of itself unlikely).
One big clue for spotting direct deposit fraud is specificity and asking for information you’ve already provided. If the email simply states “Dear employee,” as opposed to a more specific greeting, there’s cause to be suspicious. You can also look for spelling or grammatical mistakes within the emails, or search for other emails from your ESS portal and match the email addresses (if the email you received doesn’t come up in your search, though, it’s probably not legitimate).
These methods exist on top of providing your employees with regular phishing training to better equip your organization with the tools for knowing how to spot a potentially fraudulent email. This can include regular online trainings, in-person presentations, or even sending out fake phishing emails to test employees’ knowledge on spotting phishing emails.
How Can I Prevent Direct Deposit Fraud?
Aside from spotting emails that don’t appear to be legitimate, there are other methods for preventing this type of direct deposit fraud.
Verify, Verify, Verify
The best step that businesses and individuals can take to prevent falling victim to a payroll diversion scam is to verify the authority and authenticity of the email or text message they’ve received. For Mink, this due diligence is key in preventing direct deposit fraud from occurring and can help to keep employers and employees safe.
“There's so many fraudsters out there who are gaining access to an employee via the employee's email address… or they’re emailing from a fraudulent email address to the payroll person saying, ‘Hey, I changed my bank account,’ and people are not authenticating that. So, due diligence on the employer side about calling the employee and verifying that the information they’ve gotten via email [is crucial],” Mink said.
How Payday Is Working To Protect Clients From Direct Deposit Fraud
At Payday, we’ve taken a number of steps to help protect our clients from falling victim to this form of fraud. From educating clients to utilizing protective systems within isolved, Mink said Payday is hard at work when it comes to equipping clients with the knowledge they need to avoid potentially dangerous emails.
“We’ve set up all of these workflows on every single client, and we’ve talked to the clients about it. And, if they didn’t want it, then we shut direct deposit changes off so the employee self-service doesn’t allow that… Every single time an employee or a client does payroll… we’re also going and verifying any changes on the change report. So, we’re working hard on seeing what else we can do for the prevention,” Mink said.
Protect Your Business From Potential Scams
As we previously stated, technology has been a great aid in helping numerous businesses streamline processes and reach markets they wouldn’t have been able to otherwise. Of course, it’s also introduced its own set of issues—including phishing scams that lead to direct deposit fraud. Just the idea of a member of your organization falling victim to a payroll diversion scam is likely to cause stress, let alone it actually occurring. Prevention, funny enough, relies more on human intuition and intervention to ensure any emails received claiming to be from a relevant party are, in fact, legitimate. And, with the tips provided in this article, you’ll have what you need to get your business started on its fraud prevention journey.
No one wants to be a victim of fraud, but preventing things like direct deposit fraud from happening can feel difficult and confusing. Oftentimes, asking for outside help can help to clear up some of this confusion. Learn more about the differences between partnering with a payroll services company versus performing payroll in-house to see if this partnership is the right fit for your business.
Topics: