Missing Payroll Deposit? It May be a Scam.
September 20, 2022
Business banking clients have reported issues related to a serious payroll scam recently. It’s not surprising given the global rise of ACH fraud. Wires and ACH credit scams targeted four in 10 organizations last year alone.
The fraudsters pull off the scam by posing as an employee over email. They send a message to someone in a company’s finance department, most commonly a controller or CFO, but sometimes to an outside vendor, such as a CPA firm. The emails look incredibly real; some even mirror the legitimate employee’s signature block exactly.
The fraudster requests that the finance pro update the ACH information on the impersonated employee’s payroll file. The scam isn’t discovered until the next payroll date when the victimized employee doesn’t get paid.
Fortunately, there are best practices for avoiding falling into the payroll scam snares.
1. Implement a verification step, such as calling the employee from a phone number on file (not the phone number included in an email), into the process of updating an employee’s payroll file.
2. Institute dual control so that payroll files are reviewed independently by at least two people.
3. Remove the names, bios and email addresses of finance employees from public-facing company communications, including websites.
4. Encourage finance employees to be vague about their duties, particularly as it relates to payroll, on their LinkedIn and other online networking profiles.
5. Contact the local police and FBI if a payroll scammer attempts to steal from your company and its employees.