Employee Impersonation Scams: Recognizing & Preventing Payroll Fraud
At the beginning of the year, especially as we approach tax season, there is often an increase in scams targeting small business owners. It's crucial to be vigilant during this time. PayWorks would like to inform you about a concerning new scam that has affected several businesses. This sophisticated scheme involves hackers impersonating employees in order to fraudulently redirect their paychecks to unauthorized accounts. Read the below information to stay alert of new workplace scams and protect your business.
How the Scam Works
The attackers typically start by obtaining company email addresses from the "Meet the Staff" page on the company website. If your employees' email addresses are publicly available, it's essential to warn them to be cautious. Here's how this scam is executed:
Employee Impersonation: Hackers create email addresses that mimic the names of legitimate employees to appear credible. This simple tactic can easily lead employees to mistakenly respond to an impersonator when handling email requests quickly.
Direct Deposit Requests: The hackers usually email the contact email address on your website, HR or payroll departments and request a change to their direct deposit information. While this may seem like a straightforward request, it should be taken seriously since this is a common scam tactic.
Fraudulent Accounts: The accounts the hackers request payments to are often linked to payment apps. These platforms may lack rigorous authentication processes for entering personal information, making it easier for hackers to impersonate individuals. Once the funds are transferred to these fraudulent accounts, the hackers move the money quickly, making recovery difficult.
Key Red Flags
There are a few key red flags to look for when identifying if an email is a scam.
Unverified Email Addresses: Never rely solely on the sender's name displayed in the email. Hackers may attempt to deceive you by using an employee's name, but the email address may not match what is recorded for them at the company. Carefully examine the full email address for any discrepancies or inconsistencies.
Suspicious Language: Be cautious of unusual or overly formal language in the email. Phrases such as "Signed with gratitude" may come off as generic and impersonal, which can raise suspicion. If the tone or language used in the email differs from previous communications with an employee, it may indicate that the message is a scam.
Prevention and Mitigation
Here are tips to prevent scams and limit the chances of a scammer taking advantage of your small business.
Verify Through Other Channels: If you have doubts about a request, verify it using a different communication method. For example, if you receive an email asking to change direct deposit information, contact the employee directly by phone or use the company messaging system to confirm the request.
Secure PDF Distribution: Most PDF programs offer the option to password-protect personal documents, such as W-2 forms or pay stubs, with unique and memorable passwords for each employee. This added layer of security can help deter scammers.
Legitimize Bank Changes with Authorization Forms: It is advisable to require direct deposit authorization forms for any changes to bank information. Many scams succeed because they rely on machine-signed documents. Have employees use actual inked signatures instead.
Report Scams to a Fraud Database: If you encounter a fraudulent bank account, contact your PayWorks Account Representative. We can have our direct deposit transfer agent add the information to a fraud database to prevent similar scams in the future using those specific accounts. This is just one of the many benefits of partnering with a payroll provider.
Note: PayWorks will not accept any personal information from our clients or their employees.
Tax Season Caution
Scammers frequently ramp up their activity during tax season, which runs from December to April. Be alert for email requests for W-2 copies, particularly those received outside the standard tax filing deadlines. Utilize the tools available to help identify red flags and safeguard your business and employees from potential scams.
Businesses can significantly reduce their vulnerability to impersonation scams by implementing these preventative measures. Always verify requests through alternative channels, carefully examine email addresses, and be cautious of unusual language. Schedule a free consultation today with PayWorks to better understand how to protect your business from common workplace scams.
PayWorks is not providing legal or tax advice. The information on this website is for informational purposes only and should not be relied upon as legal or tax advice. You should consult with your own legal and tax advisors before making any decisions about your financial situation.