Criminals have developed many believable scams over the past few years. Chances are, you even know somebody who’s fallen victim to one. It can happen to anyone.
Even if you’ve heard about certain payroll schemes, it’s still possible to fall for them if you’re busy running a business! While speed is valued in work, jumping into tasks quickly means that sometimes red flags are missed.
At CSI Accounting & Payroll, we have worked with small businesses for more than 50 years. Because of this, we know what to look out for.
There are plenty of ways that you can be taken advantage of internally (by your own staff), but we’re going to focus on the following details of a common external scheme called “payroll diversion.”
External payroll fraud typically refers to cybercriminals using the payroll process to move money from an account that isn’t theirs to an account that they can access, then moving the money again to a place where it can’t be tracked.
This very common form of payroll fraud is called payroll diversion (it may also be called direct deposit fraud).
Let’s look at an example of payroll diversion. You’re working at your business, and it’s been a very busy day. An email pops up in your inbox from one of your employees, and they’re asking to change their direct deposit information. You find a moment to fulfill their request, and everything is fine… until payday.
Your employee is upset and says they did not get paid. You ask them about their direct deposit changes, and they say they never asked to make any changes. The email was fake. At this point, you realize you’ve been scammed.
You try to pull the money back, but you get a notice saying the account is a “non-transactional” account. This is because the scammers had you pay them on a pay card, and then they dispersed the funds into gift cards so that the money would be untraceable. Your money is never recovered. Because you made the change willingly and were not forced, you must take responsibility for it.
However, by learning about these scenarios and the red flags involved, you can prevent this from ever happening in the first place.
What went wrong in the scenario above? Here are some red flags that you’re witnessing an attempted or successful payroll diversion.
Some professional scammers can spoof an email address entirely, even when they don’t have access to the account. However, it’s more likely that the domain of the scammer’s email address (the part after the @) is not the same as yours. It’s often quite different from your company’s domain, but sometimes it’s very close.
Often, we let our guard down when emails don’t land in our spam folder. How did it get through? Scam emails often go to your spam folder if they contain links or attachments, but since this email only contained text, it slipped through your spam filters.
You may also receive the email at a time when the scammer knows you’ll probably be busy. If they place emphasis on a rush for a direct deposit change during a hectic time, you’re more likely to fall for the scam.
In information security, when someone falsely gains your trust while gathering private information about you, that’s called social engineering. This will largely apply to internal fraud.
However, scammers have many different ways of gathering information from you and your employees.
They might call your front desk to get the contact information of the person who manages your payroll, as well as your pay periods, software, and other details that would help them impersonate an employee or find a weak spot. They may even monitor your online presence (such as LinkedIn or your website) to quickly learn of new employees and divert their very first paycheck.
The biggest sign that you’ve already been scammed is if you’ve made a direct deposit change via email, and then your employee tells you they did not get paid even though they received a pay stub.
Based on all of the red flags listed above, we can make some suggestions.
Now that you know about payroll diversion and what to look out for, you should feel more confident in weeding out scammers from people you can trust. With scams ever-evolving and claiming more victims, you don’t want to miss the red flags. Once you hand over your money to a scammer, it’s gone forever.
If you want to stay in the know, it’s a good idea to partner with a payroll service that puts effort into keeping you aware of what to look out for. Our payroll department at CSI Accounting & Payroll sends notices to our clients whenever we learn more details of new or growing scams.