Human resources fraud scam targeting personnel and payroll accounts
It’s important to always stay up to date on the latest fraud scams, especially when you’re a business owner. Unfortunately, fraudsters are now targeting human resource departments, specifically payroll accounts.
About the scam
This scam involves fraudsters sending emails to human resources and payroll personnel, posing as upper management employees, like CEOs, CFOs, and directors. The email will seem legitimate and will provide updated contact information for the HR department to use for direct deposits. This will often include both a new bank account number and a routing number. If successful, the fraudster will have the funds direct deposited into the fake account, allowing them to run off with their stolen paycheck while the business and employee are left with nothing.
Warning signs for fraudulent emails
Here are some tall-tale signs to educate your employees about so they can look out for these fraudulent emails.
1. Email address seems legitimate, but is slightly different. The fraudster sending these emails will do their homework and create an email that follows your business’s email format. Because they can’t copy exact email addresses, the sender account may be one or two letters different from the original account. It sounds easy to spot, but for a busy employee it can be easy to miss. Here’s an example:
• William.White@company.com
• Wil1iam.White@company.com
Both of these emails appear the same. If you look closely, in the 2nd address the 2nd “L” in William is actually the number “1.” This can be tricky for even the more careful eyes, making it important for employees to review every email address they receive.
2. Email sent with added sense of urgency. Fraudster will often send subject lines or messages that have an increased sense of urgency. Their goal is for the employee to quickly act and not question what they were sent. Train your employees to be diligent when it comes to odd requests by creating standards for what will and will not be asked of them. Also, encourage your employees to ask questions when a situation seems out of the ordinary.
3. Email design seems a little different. Again, the fraudsters will do their homework to replicate the style of your email as much as possible. Combat this by creating a standard for both the design and structure of your emails, including the email signature. This creates another way for your employees to spot any suspicious and illegitimate emails.
Employee education
Your quickest and best line of defense is to keep your employees informed and engaged about the latest fraud trends. Communicating and educate your employees on ways to spot potential fraud and encourage them to always speak up if they find anything specious. It is also important to establish verifications for any personal information and payroll requests with the specific employee prior to updating the information. Also, it may be a good idea to consider creating tests for your employees to practice with. Do not inform them about a test email being sent out, then educate them about what was wrong with the email once they have received it. After all, practice makes perfect and can save you from potential losses.
If you ever suspect your business is the victim of a scam, immediately report the incident to law enforcement or with the Internet Crime Complaint Center.