X
Visit Full Site

Sheriff: Scammers Are Conducting Direct Deposit Payroll Fraud

Sonora, CA — If you pay employees by direct deposit, local sheriff’s officials say you need to be extra careful, adding that employees who get paid that way should also pay attention.

Tuolumne County Sheriff’s spokesperson Sgt. Andrea Benson reports a disturbing increase in phishing emails involving payroll direct deposit, primarily targeting businesses and companies with requests to reroute an employee’s direct deposit paycheck.

Unlike obvious swindle emails many folks are accustomed to getting, the emails involved in this phishing scheme generally impersonate a real company employee who target personnel in the company’s payroll or human resources departments.

Another difference that makes the deception harder to pinpoint is that the fake emails are usually well written, cordial and lack the misspellings, grammar mistakes, and exclamation points that would trigger many popular email filters that search for spam or phishing attempts. In addition, Benson warns that the scammers may even somewhat accurately spoof the forms used by the company when they email their fraudulent requests.

These Seemingly Ordinary Emails To Payroll Or HR Are Not

Explaining how it works, Benson describes that a sent email requests a payroll or HR person to update the employee’s direct deposit information for payroll purposes. Within the email message, the scammer provides “new” bank account and routing numbers, which lead to a bogus account under the con artist’s control.

She points out that such requests may not seem out of the ordinary as the scammer uses real information by supplying an actual employee name; perhaps a new hire or a retiree. Unfortunately, by the time a company discovers the deception, the employee has lost one or two payroll deposits, leaving the business responsible in replacing the monetary loss.

Benson is sharing word of this latest spoofing because it is trending and somewhat different because it does not require the criminal to hack into anyone’s email account as it often does with bigger ticket wire fraud. The scammers generate the fake emails with free services like Gmail and they can simply open a new email account and fill in the employee’s name, which allows them to get around tools meant to detect hacking attempts on employee email.

She warns that employees may not notice either, because they are working quickly and they do not notice the full email address, or they are working on a mobile device where only the person’s name is displayed in the “From” field. “We recommend making a phone call to the employee or meeting with them in person to verify the request before processing the change, and it is also best to avoid using your personal email when sending messages to staff,” Benson suggests.

How To Report These Scams

She says, if you receive one of these emails, here is what to do:

•Forward non-tax related BEC/BES email scams to the Internal Crime Complaint Center (IC3), which is monitored by the Federal Bureau of Investigation (FBI). You can file a complaint about email scams or other internet-related scams by clicking here.

•If you receive tax-related phishing emails, forward those to phishing@irs.gov. Monitoring this account are IRS cyber-security professionals, and using this reporting process enables the IRS and its Security Summit partners to identify trends and issue warnings.

•If you are an employer impacted by the form W-2 scam, forward the email to dataloss@irs.gov. There is a process employers can follow (at Form W-2/SSN Data Theft: Information for Businesses and Payroll Service Providers).

•If you are an employer who received a form W-2 fraud email but was not affected (meaning you did not click or respond), forward the email to phishing@irs.gov.