Within the past few months, we have received multiple emails as part of a payroll fraud scam. This scam was first reported in 2018 by the IRS. Since then, small business owners, payroll professionals, and HR companies have found themselves at the receiving end of these emails.
How does it work?
Typically, the scammer will impersonate an employee and send an email to HR or the payroll processor asking to update their payroll information. Once the routing and account number is changed, the employee’s paycheck will be directed to the scammer’s bank account.
What does the email look like?
The email will appear to be from an employee and they are typically short, polite, and ask that you change the information before the next payroll period.
The IRS reported that a common theme in these emails is that they include grammatical and spelling mistakes. We have also noticed that the email address typically looks suspicious, containing a string of numbers and no indication that the email belongs to the employee. However, some scammers are able to spoof an email to make it look like it’s coming from within the company.
Here is an example of an email we have received:
What to do if you receive a suspicious email
The first thing is to be aware of this payroll scam. This will help you take extra precautions when determining whether an email is legitimate. Here are some other things you can do to prevent falling victim to this scam:
Don't respond to the email
Don’t click any links or attachments
Verify with the employee directly if they would like that bank account information changed
Report the scam to the FBI via the Internet Crime Complaint Center IC3
How to prevent fraudulently payroll scams
While it's not possible to completely prevent receiving payroll scams, there are steps you can take to detect them. The best way is to establish a procedure for making changes to payroll information and ensure all employees are properly trained on this procedure. For example, requiring employees to fill out a form, sign it, and turn it in in person. If your employees work remotely, then confirm changes with a phone call with a phone number on file or on video chat.
To learn more, check out our blog post about ways to protect your business from fraud.