<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=351166518341071&amp;ev=PageView&amp;noscript=1">
Skip to main content

«  View All Posts

small business payroll /

Detect and Prevent This Common Payroll Fraud Scheme

October 13th, 2022 | 8 min. read

By Bret Asmussen

Criminals have developed many believable scams over the past few years. Chances are, you even know somebody who’s fallen victim to one. It can happen to anyone.

Even if you’ve heard about certain payroll schemes, it’s still possible to fall for them if you’re busy running a business! While speed is valued in work, jumping into tasks quickly means that sometimes red flags are missed.

At CSI Accounting & Payroll, we have worked with small businesses for more than 50 years. Because of this, we know what to look out for. 

There are plenty of ways that you can be taken advantage of internally (by your own staff), but we’re going to focus on the following details of a common external scheme called “payroll diversion.”

  • What are payroll fraud and payroll diversion?
  • How can I detect payroll fraud?
  • How do I prevent payroll fraud?

What are Payroll Fraud and Payroll Diversion?

External payroll fraud is typically referring to cybercriminals using the payroll process to move money from an account that isn’t theirs to an account that they can access, then moving the money again to a place that can’t be tracked. 

This very common form of payroll fraud is called payroll diversion (but may also be called direct deposit fraud.)

What is an Example of Payroll Diversion?

Let’s look at an example of payroll diversion. You’re working at your business, and it’s been a very busy day. An email pops up in your inbox from one of your employees, and they’re asking to change their direct deposit information. You find a moment to fulfill their request, and everything is fine… until payday.

Your employee is upset and says they did not get paid. You ask them about their direct deposit changes, and they say they never asked to make any changes. The email was fake. At this point, you realize you’ve been scammed. 

You try to pull the money back, but you get a notice saying the account is a “non-transactional” account. This is because the scammers had you pay them on a pay card, and then they dispersed the funds into gift cards to be untraceable. Your money is never recovered. Because this is something you did willingly and were not forced, you must take responsibility for it. 

However, by learning about these scenarios and the red flags involved, you can prevent this from ever happening in the first place.

How to Detect Payroll Fraud

What went wrong in the scenario above? Here are some red flags that you’re witnessing an attempted or successful payroll diversion.


There are some professional scammers who can spoof an email address entirely, even when they don’t have access to the account. However, it’s more likely that the scammer’s email URL is not the same as yours. It’s often pretty different from your company’s URL, but sometimes it’s very close. 

Often, we let our guard down when emails don’t land in our spam folder. How did it get through? Scam emails often go to your spam folder if they contain links or attachments, but since this email only contained text, it slipped through your spam filters.

Timing or Urgency

You may also receive the email at a time when the scammer knows you’ll probably be busy. If they place emphasis on a rush for a direct deposit change during a hectic time, you’re more likely to fall for the scam.

Information Seeking

When someone is falsely gaining your trust while gathering private information about you (in the context of information security), that’s called social engineering. This largely will apply to internal fraud.

However, scammers have many different ways of gathering information from you and your employees. 

They might call your front desk to get the contact information of the person who manages your payroll, as well as your pay periods, software, and other details that would help them impersonate an employee or find a weak spot. They may even monitor your online presence (such as LinkedIn or your website) to quickly learn of new employees and confiscate their very first paycheck.


The biggest sign that you’ve already been scammed is if you’ve made a direct deposit change via email, and then your employee tells you they did not get paid even though they received a pay stub.

How to Prevent Payroll Fraud

Based on all of the red flags listed above, we can make some suggestions.

  • Take a look at the actual email address - not just the employee name that it previews. Be sure to look at every character in the email address. Keep in mind that certain characters look similar to each other, or one may be left out.
  • Do not make any important changes completely over email. Either call or talk to your employee in person to confirm it’s really them and that they are the one asking for the change before moving forward.
  • Be wary of urgent requests made at busy times. This includes requests made in the first few minutes of the workday, the last few minutes of the workday, or during your busiest business hours.
  • Trust your gut. If something feels off, don’t move forward. Slow down and ask the right questions before moving forward.
  • Guard your checks. A new scam is going around where criminals can erase the recipients and dollar amounts on your checks! Your checks should arrive at businesses and government offices securely, but don't leave them laying around before you send them. Go for electronic payments whenever possible, or request bank copies of your sent checks if the recipient says you did not pay them.
  • Stay educated about scams. Read articles like this when you see them. Pay attention to the news on TV or on your radio. Scams are evolving, so you need to know what to expect.
  • Partner with a payroll service that you trust. While a payroll service can’t do too much to prevent scams, they can help educate you on common scams to look out for and make you aware of new ones. 

Work With a Scam-Aware Payroll Service

Now that you know about payroll diversion and what to look out for, you should feel more confident in weeding out scammers from people you can trust. With scams ever-evolving and claiming more victims, you don’t want to miss the red flags. Once you hand over your money to a scammer, it’s gone forever. 

If you want to stay in the know, it’s a good idea to partner with a payroll service that puts effort into keeping you aware of what to look out for. Our payroll department at CSI Accounting & Payroll sends notices to our clients whenever we learn more details of new or growing scams.

Want to find out if we can be a good match for your business? Click the button below to schedule a free consultation.

Not ready to talk? That’s no problem! First, you should make sure that you know what a payroll service costs.

Bret Asmussen

Bret began working at CSI in 2007. Over the years, he worked his way up from an entry-level marketing position to his current role of manager of our payroll service. Bret is largely responsible for the growth of our payroll division over the last several years. His previous experience and knowledge in sales and management are exemplified in his success here. Bret has a college degree in Computer Networking, a skill that certainly comes in handy in an office environment. Bret is also a Certified Payroll Professional (CPP). Fun Fact: As an active duty member of the United States Marine Corps, he served in Operation Desert Shield and Desert Storm.